Copies of this document may be made for your own use and for distribution to
others, provided that you do not charge any fee for such copies and further
provided that each copy contains this Copyright Notice, whether distributed in
print or electronically.

1. About the Documentation

Copies of this document may be made for your own use and for distribution to others,
provided that you do not charge any fee for such copies and further provided that each
copy contains this Copyright Notice, whether distributed in print or electronically.

2. Getting Help

Learn the Spring basics. Spring Boot builds on many other Spring projects. Check the
spring.io web-site for a wealth of reference documentation. If you are
starting out with Spring, try one of the guides.

Part II. Getting Started

If you are getting started with Spring Boot, or “Spring” in general, start by reading
this section. It answers the basic “what?”, “how?” and “why?” questions. It
includes an introduction to Spring Boot, along with installation instructions. We then
walk you through building your first Spring Boot application, discussing some core
principles as we go.

8. Introducing Spring Boot

Spring Boot makes it easy to create stand-alone, production-grade Spring-based
Applications that you can run. We take an opinionated view of the Spring platform and
third-party libraries, so that you can get started with minimum fuss. Most Spring Boot
applications need very little Spring configuration.

You can use Spring Boot to create Java applications that can be started by using
java -jar or more traditional war deployments. We also provide a command line tool that
runs “spring scripts”.

Our primary goals are:

Provide a radically faster and widely accessible getting-started experience for all
Spring development.

Be opinionated out of the box but get out of the way quickly as requirements start to
diverge from the defaults.

Provide a range of non-functional features that are common to large classes of projects
(such as embedded servers, security, metrics, health checks, and externalized
configuration).

Absolutely no code generation and no requirement for XML configuration.

9.1 Servlet Containers

You can also deploy Spring Boot applications to any Servlet 3.1+ compatible container.

10. Installing Spring Boot

Spring Boot can be used with “classic” Java development tools or installed as a command
line tool. Either way, you need Java SDK v1.8 or higher. Before you
begin, you should check your current Java installation by using the following command:

$ java -version

If you are new to Java development or if you want to experiment with Spring Boot, you
might want to try the Spring Boot CLI (Command
Line Interface) first. Otherwise, read on for “classic” installation instructions.

10.1 Installation Instructions for the Java Developer

You can use Spring Boot in the same way as any standard Java library. To do so, include
the appropriate spring-boot-*.jar files on your classpath. Spring Boot does not
require any special tools integration, so you can use any IDE or text editor. Also, there
is nothing special about a Spring Boot application, so you can run and debug a Spring
Boot application as you would any other Java program.

Although you could copy Spring Boot jars, we generally recommend that you use a build
tool that supports dependency management (such as Maven or Gradle).

10.1.1 Maven Installation

Spring Boot is compatible with Apache Maven 3.3 or above. If you do not already have
Maven installed, you can follow the instructions at maven.apache.org.

Tip

On many operating systems, Maven can be installed with a package manager. If you use
OSX Homebrew, try brew install maven. Ubuntu users can run
sudo apt-get install maven. Windows users with Chocolatey can
run choco install maven from an elevated (administrator) prompt.

Spring Boot dependencies use the org.springframework.bootgroupId. Typically, your
Maven POM file inherits from the spring-boot-starter-parent project and declares
dependencies to one or more “Starters”.
Spring Boot also provides an optional
Maven plugin to create
executable jars.

The spring-boot-starter-parent is a great way to use Spring Boot, but it might not
be suitable all of the time. Sometimes you may need to inherit from a different parent
POM, or you might not like our default settings. In those cases, see
Section 13.2.2, “Using Spring Boot without the Parent POM” for an alternative solution that uses an import
scope.

10.1.2 Gradle Installation

Spring Boot is compatible with Gradle 4.4 and later. If you do not already have Gradle
installed, you can follow the instructions at gradle.org.

Spring Boot dependencies can be declared by using the org.springframework.bootgroup.
Typically, your project declares dependencies to one or more
“Starters”. Spring Boot
provides a useful Gradle
plugin that can be used to simplify dependency declarations and to create executable
jars.

Gradle Wrapper

The Gradle Wrapper provides a nice way of “obtaining” Gradle when you need to build a
project. It is a small script and library that you commit alongside your code to
bootstrap the build process. See docs.gradle.org/4.2.1/userguide/gradle_wrapper.html for details.

More details on getting started with Spring Boot and Gradle can be found in the
Getting Started section of the
Gradle plugin’s reference guide.

10.2 Installing the Spring Boot CLI

The Spring Boot CLI (Command Line Interface) is a command line tool that you can use to
quickly prototype with Spring. It lets you run Groovy scripts,
which means that you have a familiar Java-like syntax without so much boilerplate code.

You do not need to use the CLI to work with Spring Boot, but it is definitely the
quickest way to get a Spring application off the ground.

10.2.1 Manual Installation

You can download the Spring CLI distribution from the Spring software repository:

Once downloaded, follow the
INSTALL.txt
instructions from the unpacked archive. In summary, there is a spring script
(spring.bat for Windows) in a bin/ directory in the .zip file. Alternatively, you
can use java -jar with the .jar file (the script helps you to be sure that the
classpath is set correctly).

10.2.2 Installation with SDKMAN!

SDKMAN! (The Software Development Kit Manager) can be used for managing multiple versions
of various binary SDKs, including Groovy and the Spring Boot CLI.
Get SDKMAN! from sdkman.io and install Spring Boot by using the following
commands:

10.2.3 OSX Homebrew Installation

If you are on a Mac and use Homebrew, you can install the Spring Boot
CLI by using the following commands:

$ brew tap pivotal/tap
$ brew install springboot

Homebrew installs spring to /usr/local/bin.

Note

If you do not see the formula, your installation of brew might be out-of-date. In
that case, run brew update and try again.

10.2.4 MacPorts Installation

If you are on a Mac and use MacPorts, you can install the
Spring Boot CLI by using the following command:

$ sudo port install spring-boot-cli

10.2.5 Command-line Completion

The Spring Boot CLI includes scripts that provide command completion for the
BASH and
zsh shells. You can source the script (also named
spring) in any shell or put it in your personal or system-wide bash completion
initialization. On a Debian system, the system-wide scripts are in
/shell-completion/bash and all scripts in that directory are executed when a new shell
starts. For example, to run the script manually if you have installed by using SDKMAN!,
use the following commands:

When upgrading to a new feature release, some properties may have been renamed or removed.
Spring Boot provides a way to analyze your application’s environment and print diagnostics
at startup, but also temporarily migrate properties at runtime for you. To enable that
feature, add the following dependency to your project:

This sample needs to be created in its own folder. Subsequent instructions assume
that you have created a suitable folder and that it is your current directory.

11.1 Creating the POM

We need to start by creating a Maven pom.xml file. The pom.xml is the recipe that is
used to build your project. Open your favorite text editor and add the following:

<?xml version="1.0" encoding="UTF-8"?><projectxmlns="http://maven.apache.org/POM/4.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.example</groupId><artifactId>myproject</artifactId><version>0.0.1-SNAPSHOT</version><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.1.1.BUILD-SNAPSHOT</version></parent><!-- Additional lines to be added here... --><!-- (you don't need this if you are using a .RELEASE version) --><repositories><repository><id>spring-snapshots</id><url>https://repo.spring.io/snapshot</url><snapshots><enabled>true</enabled></snapshots></repository><repository><id>spring-milestones</id><url>https://repo.spring.io/milestone</url></repository></repositories><pluginRepositories><pluginRepository><id>spring-snapshots</id><url>https://repo.spring.io/snapshot</url></pluginRepository><pluginRepository><id>spring-milestones</id><url>https://repo.spring.io/milestone</url></pluginRepository></pluginRepositories></project>

The preceding listing should give you a working build. You can test it by running mvn
package (for now, you can ignore the “jar will be empty - no content was marked for
inclusion!” warning).

Note

At this point, you could import the project into an IDE (most modern Java IDEs
include built-in support for Maven). For simplicity, we continue to use a plain text
editor for this example.

11.2 Adding Classpath Dependencies

Spring Boot provides a number of “Starters” that let you add jars to your classpath.
Our sample application has already used spring-boot-starter-parent in the parent
section of the POM. The spring-boot-starter-parent is a special starter that provides
useful Maven defaults. It also provides a
dependency-management
section so that you can omit version tags for “blessed” dependencies.

Other “Starters” provide dependencies that you are likely to need when developing a
specific type of application. Since we are developing a web application, we add a
spring-boot-starter-web dependency. Before that, we can look at what we currently have
by running the following command:

$ mvn dependency:tree
[INFO] com.example:myproject:jar:0.0.1-SNAPSHOT

The mvn dependency:tree command prints a tree representation of your project
dependencies. You can see that spring-boot-starter-parent provides no dependencies by
itself. To add the necessary dependencies, edit your pom.xml and add the
spring-boot-starter-web dependency immediately below the parent section:

If you run mvn dependency:tree again, you see that there are now a number of additional
dependencies, including the Tomcat web server and Spring Boot itself.

11.3 Writing the Code

To finish our application, we need to create a single Java file. By default, Maven
compiles sources from src/main/java, so you need to create that folder structure and
then add a file named src/main/java/Example.java to contain the following code:

Although there is not much code here, quite a lot is going on. We step through the
important parts in the next few sections.

11.3.1 The @RestController and @RequestMapping Annotations

The first annotation on our Example class is @RestController. This is known as a
stereotype annotation. It provides hints for people reading the code and for Spring
that the class plays a specific role. In this case, our class is a web @Controller, so
Spring considers it when handling incoming web requests.

The @RequestMapping annotation provides “routing” information. It tells Spring that
any HTTP request with the / path should be mapped to the home method. The
@RestController annotation tells Spring to render the resulting string directly back to
the caller.

Tip

The @RestController and @RequestMapping annotations are Spring MVC annotations.
(They are not specific to Spring Boot.) See the MVC
section in the Spring Reference Documentation for more details.

11.3.2 The @EnableAutoConfiguration Annotation

The second class-level annotation is @EnableAutoConfiguration. This annotation tells
Spring Boot to “guess” how you want to configure Spring, based on the jar dependencies
that you have added. Since spring-boot-starter-web added Tomcat and Spring MVC, the
auto-configuration assumes that you are developing a web application and sets up Spring
accordingly.

Starters and Auto-configuration

Auto-configuration is designed to work well with “Starters”, but the two concepts are
not directly tied. You are free to pick and choose jar dependencies outside of the
starters. Spring Boot still does its best to auto-configure your application.

11.3.3 The “main” Method

The final part of our application is the main method. This is just a standard method
that follows the Java convention for an application entry point. Our main method
delegates to Spring Boot’s SpringApplication class by calling run.
SpringApplication bootstraps our application, starting Spring, which, in turn, starts
the auto-configured Tomcat web server. We need to pass Example.class as an argument to
the run method to tell SpringApplication which is the primary Spring component. The
args array is also passed through to expose any command-line arguments.

11.4 Running the Example

At this point, your application should work. Since you used the
spring-boot-starter-parent POM, you have a useful run goal that you can use to start
the application. Type mvn spring-boot:run from the root project directory to start the
application. You should see output similar to the following:

If you open a web browser to localhost:8080, you should see the following output:

Hello World!

To gracefully exit the application, press ctrl-c.

11.5 Creating an Executable Jar

We finish our example by creating a completely self-contained executable jar file that
we could run in production. Executable jars (sometimes called “fat jars”) are archives
containing your compiled classes along with all of the jar dependencies that your code
needs to run.

Executable jars and Java

Java does not provide a standard way to load nested jar files (jar files that are
themselves contained within a jar). This can be problematic if you are looking to
distribute a self-contained application.

To solve this problem, many developers use “uber” jars. An uber jar packages all the
classes from all the application’s dependencies into a single archive. The problem with
this approach is that it becomes hard to see which libraries are in your application. It
can also be problematic if the same filename is used (but with different content) in
multiple jars.

The spring-boot-starter-parent POM includes <executions> configuration to bind
the repackage goal. If you do not use the parent POM, you need to declare this
configuration yourself. See the plugin
documentation for details.

Save your pom.xml and run mvn package from the command line, as follows:

12. What to Read Next

Hopefully, this section provided some of the Spring Boot basics and got you on your way
to writing your own applications. If you are a task-oriented type of developer, you might
want to jump over to spring.io and check out some of the
getting started guides that solve specific “How do I do that
with Spring?” problems. We also have Spring Boot-specific
“How-to” reference documentation.

The Spring Boot repository also has a
bunch of samples you can run. The samples are
independent of the rest of the code (that is, you do not need to build the rest to run or
use the samples).

Part III. Using Spring Boot

This section goes into more detail about how you should use Spring Boot. It covers topics
such as build systems, auto-configuration, and how to run your applications. We also
cover some Spring Boot best practices. Although there is nothing particularly special
about Spring Boot (it is just another library that you can consume), there are a few
recommendations that, when followed, make your development process a little easier.

If you are starting out with Spring Boot, you should probably read the
Getting Started guide before diving into this
section.

13. Build Systems

It is strongly recommended that you choose a build system that supports
dependency management and that can consume
artifacts published to the “Maven Central” repository. We would recommend that you
choose Maven or Gradle. It is possible to get Spring Boot to work with other build
systems (Ant, for example), but they are not particularly well supported.

13.1 Dependency Management

Each release of Spring Boot provides a curated list of dependencies that it supports. In
practice, you do not need to provide a version for any of these dependencies in your
build configuration, as Spring Boot manages that for you. When you upgrade Spring
Boot itself, these dependencies are upgraded as well in a consistent way.

Note

You can still specify a version and override Spring Boot’s recommendations if you
need to do so.

Each release of Spring Boot is associated with a base version of the Spring
Framework. We highly recommend that you not specify its version.

13.2 Maven

Maven users can inherit from the spring-boot-starter-parent project to obtain sensible
defaults. The parent project provides the following features:

Java 1.8 as the default compiler level.

UTF-8 source encoding.

A Dependency Management section, inherited from
the spring-boot-dependencies pom, that manages the versions of common dependencies. This
dependency management lets you omit <version> tags for those dependencies when used in
your own pom.

Note that, since the application.properties and application.yml files accept Spring
style placeholders (${…​}), the Maven filtering is changed to use @[email protected] placeholders.
(You can override that by setting a Maven property called resource.delimiter.)

13.2.1 Inheriting the Starter Parent

To configure your project to inherit from the spring-boot-starter-parent, set the
parent as follows:

You should need to specify only the Spring Boot version number on this dependency.
If you import additional starters, you can safely omit the version number.

With that setup, you can also override individual dependencies by overriding a property
in your own project. For instance, to upgrade to another Spring Data release train, you
would add the following to your pom.xml:

13.2.2 Using Spring Boot without the Parent POM

Not everyone likes inheriting from the spring-boot-starter-parent POM. You may have
your own corporate standard parent that you need to use or you may prefer to explicitly
declare all your Maven configuration.

If you do not want to use the spring-boot-starter-parent, you can still keep the
benefit of the dependency management (but not the plugin management) by using a
scope=import dependency, as follows:

The preceding sample setup does not let you override individual dependencies by using a
property, as explained above. To achieve the same result, you need to add an entry in the
dependencyManagement of your project before the spring-boot-dependencies entry.
For instance, to upgrade to another Spring Data release train, you could add the
following element to your pom.xml:

13.3 Gradle

13.4 Ant

It is possible to build a Spring Boot project using Apache Ant+Ivy. The
spring-boot-antlib “AntLib” module is also available to help Ant create executable
jars.

To declare dependencies, a typical ivy.xml file looks something like the following
example:

<ivy-moduleversion="2.0"><infoorganisation="org.springframework.boot"module="spring-boot-sample-ant" /><configurations><confname="compile"description="everything needed to compile this module" /><confname="runtime"extends="compile"description="everything needed to run this module" /></configurations><dependencies><dependencyorg="org.springframework.boot"name="spring-boot-starter"rev="${spring-boot.version}"conf="compile" /></dependencies></ivy-module>

13.5 Starters

Starters are a set of convenient dependency descriptors that you can include in your
application. You get a one-stop shop for all the Spring and related technologies that you
need without having to hunt through sample code and copy-paste loads of dependency
descriptors. For example, if you want to get started using Spring and JPA for database
access, include the spring-boot-starter-data-jpa dependency in your project.

The starters contain a lot of the dependencies that you need to get a project up and
running quickly and with a consistent, supported set of managed transitive dependencies.

What’s in a name

All official starters follow a similar naming pattern; spring-boot-starter-*,
where * is a particular type of application. This naming structure is intended to
help when you need to find a starter. The Maven integration in many IDEs lets you
search dependencies by name. For example, with the appropriate Eclipse or STS plugin
installed, you can press ctrl-space in the POM editor and type
“spring-boot-starter” for a complete list.

As explained in the “Creating Your
Own Starter” section, third party starters should not start with spring-boot, as it
is reserved for official Spring Boot artifacts. Rather, a third-party starter typically
starts with the name of the project. For example, a third-party starter project called
thirdpartyproject would typically be named thirdpartyproject-spring-boot-starter.

The following application starters are provided by Spring Boot under the
org.springframework.boot group:

For a list of additional community contributed starters, see the
README file in
the spring-boot-starters module on GitHub.

14. Structuring Your Code

Spring Boot does not require any specific code layout to work. However, there are some
best practices that help.

14.1 Using the “default” Package

When a class does not include a package declaration, it is considered to be in the
“default package”. The use of the “default package” is generally discouraged and
should be avoided. It can cause particular problems for Spring Boot applications that use
the @ComponentScan, @EntityScan, or @SpringBootApplication annotations, since every
class from every jar is read.

Tip

We recommend that you follow Java’s recommended package naming conventions and use a
reversed domain name (for example, com.example.project).

14.2 Locating the Main Application Class

We generally recommend that you locate your main application class in a root package
above other classes. The @SpringBootApplication annotation is often placed on your main class, and it
implicitly defines a base “search package” for certain items. For example, if you are
writing a JPA application, the package of the @SpringBootApplication annotated class
is used to search for @Entity items. Using a root package also allows component
scan to apply only on your project.

Tip

If you don’t want to use @SpringBootApplication, the @EnableAutoConfiguration
and @ComponentScan annotations that it imports defines that behaviour so you can also
use that instead.

15. Configuration Classes

Spring Boot favors Java-based configuration. Although it is possible to use
SpringApplication with XML sources, we generally recommend that your primary source be
a single @Configuration class. Usually the class that defines the main method is a
good candidate as the primary @Configuration.

Tip

Many Spring configuration examples have been published on the Internet that use XML
configuration. If possible, always try to use the equivalent Java-based configuration.
Searching for Enable* annotations can be a good starting point.

15.1 Importing Additional Configuration Classes

You need not put all your @Configuration into a single class. The @Import annotation
can be used to import additional configuration classes. Alternatively, you can use
@ComponentScan to automatically pick up all Spring components, including
@Configuration classes.

15.2 Importing XML Configuration

If you absolutely must use XML based configuration, we recommend that you still start
with a @Configuration class. You can then use an @ImportResource annotation to load
XML configuration files.

16. Auto-configuration

Spring Boot auto-configuration attempts to automatically configure your Spring
application based on the jar dependencies that you have added. For example, if HSQLDB
is on your classpath, and you have not manually configured any database connection beans,
then Spring Boot auto-configures an in-memory database.

You need to opt-in to auto-configuration by adding the @EnableAutoConfiguration or
@SpringBootApplication annotations to one of your @Configuration classes.

Tip

You should only ever add one @SpringBootApplication or @EnableAutoConfiguration
annotation. We generally recommend that you add one or the other to your primary
@Configuration class only.

16.1 Gradually Replacing Auto-configuration

Auto-configuration is non-invasive. At any point, you can start to define your own
configuration to replace specific parts of the auto-configuration. For example, if you
add your own DataSource bean, the default embedded database support backs away.

If you need to find out what auto-configuration is currently being applied, and why,
start your application with the --debug switch. Doing so enables debug logs for a
selection of core loggers and logs a conditions report to the console.

16.2 Disabling Specific Auto-configuration Classes

If you find that specific auto-configuration classes that you do not want are being
applied, you can use the exclude attribute of @EnableAutoConfiguration to disable them,
as shown in the following example:

If the class is not on the classpath, you can use the excludeName attribute of the
annotation and specify the fully qualified name instead. Finally, you can also control
the list of auto-configuration classes to exclude by using the
spring.autoconfigure.exclude property.

Tip

You can define exclusions both at the annotation level and by using the property.

17. Spring Beans and Dependency Injection

You are free to use any of the standard Spring Framework techniques to define your beans
and their injected dependencies. For simplicity, we often find that using
@ComponentScan (to find your beans) and using @Autowired (to do constructor
injection) works well.

If you structure your code as suggested above (locating your application class in a root
package), you can add @ComponentScan without any arguments. All of your application
components (@Component, @Service, @Repository, @Controller etc.) are
automatically registered as Spring Beans.

The following example shows a @Service Bean that uses constructor injection to obtain a
required RiskAssessor bean:

Notice how using constructor injection lets the riskAssessor field be marked as
final, indicating that it cannot be subsequently changed.

18. Using the @SpringBootApplication Annotation

Many Spring Boot developers like their apps to use auto-configuration, component scan and
be able to define extra configuration on their "application class". A single
@SpringBootApplication annotation can be used to enable those three features, that is:

@SpringBootApplication also provides aliases to customize the attributes of
@EnableAutoConfiguration and @ComponentScan.

Note

None of these features are mandatory and you may choose to replace this single annotation
by any of the features that it enables. For instance, you may not want to use component
scan in your application:

In this example, Application is just like any other Spring Boot application except that
@Component-annotated classes are not detected automatically and the user-defined beans
are imported explicitly (see @Import).

19. Running Your Application

One of the biggest advantages of packaging your application as a jar and using an
embedded HTTP server is that you can run your application as you would any other.
Debugging Spring Boot applications is also easy. You do not need any special IDE plugins
or extensions.

Note

This section only covers jar based packaging. If you choose to package your
application as a war file, you should refer to your server and IDE documentation.

19.1 Running from an IDE

You can run a Spring Boot application from your IDE as a simple Java application.
However, you first need to import your project. Import steps vary depending on your IDE
and build system. Most IDEs can import Maven projects directly. For example, Eclipse
users can select Import…​ → Existing Maven Projects from the File menu.

If you cannot directly import your project into your IDE, you may be able to generate IDE
metadata by using a build plugin. Maven includes plugins for
Eclipse and
IDEA. Gradle offers plugins for
various IDEs.

Tip

If you accidentally run a web application twice, you see a “Port already in use”
error. STS users can use the Relaunch button rather than the Run button to ensure
that any existing instance is closed.

19.2 Running as a Packaged Application

If you use the Spring Boot Maven or Gradle plugins to create an executable jar, you can
run your application using java -jar, as shown in the following example:

$ java -jar target/myapplication-0.0.1-SNAPSHOT.jar

It is also possible to run a packaged application with remote debugging support enabled.
Doing so lets you attach a debugger to your packaged application, as shown in the
following example:

19.3 Using the Maven Plugin

The Spring Boot Maven plugin includes a run goal that can be used to quickly compile
and run your application. Applications run in an exploded form, as they do in your IDE.
The following example shows a typical Maven command to run a Spring Boot application:

$ mvn spring-boot:run

You might also want to use the MAVEN_OPTS operating system environment variable, as
shown in the following example:

$ export MAVEN_OPTS=-Xmx1024m

19.4 Using the Gradle Plugin

The Spring Boot Gradle plugin also includes a bootRun task that can be used to run your
application in an exploded form. The bootRun task is added whenever you apply the
org.springframework.boot and java plugins and is shown in the following example:

$ gradle bootRun

You might also want to use the JAVA_OPTS operating system environment variable, as
shown in the following example:

$ export JAVA_OPTS=-Xmx1024m

19.5 Hot Swapping

Since Spring Boot applications are just plain Java applications, JVM hot-swapping should
work out of the box. JVM hot swapping is somewhat limited with the bytecode that it can
replace. For a more complete solution,
JRebel can be used.

20. Developer Tools

Spring Boot includes an additional set of tools that can make the application
development experience a little more pleasant. The spring-boot-devtools module can be
included in any project to provide additional development-time features. To include
devtools support, add the module dependency to your build, as shown in the following
listings for Maven and Gradle:

Developer tools are automatically disabled when running a fully packaged
application. If your application is launched from java -jar or if it is started from a
special classloader, then it is considered a “production application”. Flagging the
dependency as optional in Maven or using a custom`developmentOnly` configuration in
Gradle (as shown above) is a best practice that prevents devtools from being transitively
applied to other modules that use your project.

Tip

Repackaged archives do not contain devtools by default. If you want to use a
certain remote devtools feature, you need to disable the
excludeDevtools build property to include it. The property is supported with both the
Maven and Gradle plugins.

While caching is very beneficial in production, it can be counter-productive during
development, preventing you from seeing the changes you just made in your application.
For this reason, spring-boot-devtools disables the caching options by default.

Cache options are usually configured by settings in your application.properties file.
For example, Thymeleaf offers the spring.thymeleaf.cache property. Rather than needing
to set these properties manually, the spring-boot-devtools module automatically applies
sensible development-time configuration.

Because you need more information about web requests while developing Spring MVC and
Spring WebFlux applications, developer tools will enable DEBUG logging for the web
logging group. This will give you information about the incoming request, which handler is
processing it, the response outcome, etc. If you wish to log all request details
(including potentially sensitive information), you can turn on the
spring.http.log-request-details configuration property.

Note

If you don’t want property defaults to be applied you can set
spring.devtools.add-properties to false in your application.properties.

20.2 Automatic Restart

Applications that use spring-boot-devtools automatically restart whenever files on the
classpath change. This can be a useful feature when working in an IDE, as it gives a very
fast feedback loop for code changes. By default, any entry on the classpath that points
to a folder is monitored for changes. Note that certain resources, such as static assets
and view templates, do not need to restart the
application.

Triggering a restart

As DevTools monitors classpath resources, the only way to trigger a restart is to update
the classpath. The way in which you cause the classpath to be updated depends on the IDE
that you are using. In Eclipse, saving a modified file causes the classpath to be updated
and triggers a restart. In IntelliJ IDEA, building the project
(Build -> Build Project) has the same effect.

Note

As long as forking is enabled, you can also start your application by using the supported
build plugins (Maven and Gradle), since DevTools needs an isolated application
classloader to operate properly. By default, Gradle and Maven do that when they detect
DevTools on the classpath.

Tip

Automatic restart works very well when used with LiveReload.
See the LiveReload section for details. If you use
JRebel, automatic restarts are disabled in favor of dynamic class reloading. Other
devtools features (such as LiveReload and property overrides) can still be used.

Note

DevTools relies on the application context’s shutdown hook to close it during a
restart. It does not work correctly if you have disabled the shutdown hook
(SpringApplication.setRegisterShutdownHook(false)).

Note

When deciding if an entry on the classpath should trigger a restart when it
changes, DevTools automatically ignores projects named spring-boot,
spring-boot-devtools, spring-boot-autoconfigure, spring-boot-actuator, and
spring-boot-starter.

Note

DevTools needs to customize the ResourceLoader used by the ApplicationContext.
If your application provides one already, it is going to be wrapped. Direct override of
the getResource method on the ApplicationContext is not supported.

Restart vs Reload

The restart technology provided by Spring Boot works by using two classloaders. Classes
that do not change (for example, those from third-party jars) are loaded into a base
classloader. Classes that you are actively developing are loaded into a restart
classloader. When the application is restarted, the restart classloader is thrown away
and a new one is created. This approach means that application restarts are typically
much faster than “cold starts”, since the base classloader is already available and
populated.

If you find that restarts are not quick enough for your applications or you encounter
classloading issues, you could consider reloading technologies such as
JRebel from ZeroTurnaround. These work by
rewriting classes as they are loaded to make them more amenable to reloading.

20.2.1 Logging changes in condition evaluation

By default, each time your application restarts, a report showing the condition evaluation
delta is logged. The report shows the changes to your application’s auto-configuration as
you make changes such as adding or removing beans and setting configuration properties.

To disable the logging of the report, set the following property:

spring.devtools.restart.log-condition-evaluation-delta=false

20.2.2 Excluding Resources

Certain resources do not necessarily need to trigger a restart when they are changed. For
example, Thymeleaf templates can be edited in-place. By default, changing resources
in /META-INF/maven, /META-INF/resources, /resources, /static, /public, or
/templates does not trigger a restart but does trigger a
live reload. If you want to customize these
exclusions, you can use the spring.devtools.restart.exclude property. For example, to
exclude only /static and /public you would set the following property:

spring.devtools.restart.exclude=static/**,public/**

Tip

If you want to keep those defaults and add additional exclusions, use the
spring.devtools.restart.additional-exclude property instead.

20.2.3 Watching Additional Paths

You may want your application to be restarted or reloaded when you make changes to files
that are not on the classpath. To do so, use the
spring.devtools.restart.additional-paths property to configure additional paths to
watch for changes. You can use the spring.devtools.restart.exclude property
described earlier to control whether changes
beneath the additional paths trigger a full restart or a
live reload.

20.2.4 Disabling Restart

If you do not want to use the restart feature, you can disable it by using the
spring.devtools.restart.enabled property. In most cases, you can set this property in
your application.properties (doing so still initializes the restart classloader, but it
does not watch for file changes).

If you need to completely disable restart support (for example, because it does not work
with a specific library), you need to set the spring.devtools.restart.enabledSystem
property to false before calling SpringApplication.run(…​), as shown in the
following example:

20.2.5 Using a Trigger File

If you work with an IDE that continuously compiles changed files, you might prefer to
trigger restarts only at specific times. To do so, you can use a “trigger file”, which
is a special file that must be modified when you want to actually trigger a restart
check. Changing the file only triggers the check and the restart only occurs if
Devtools has detected it has to do something. The trigger file can be updated manually or
with an IDE plugin.

To use a trigger file, set the spring.devtools.restart.trigger-file property to the
path of your trigger file.

Tip

You might want to set spring.devtools.restart.trigger-file as a
global setting, so that all your projects behave
in the same way.

20.2.6 Customizing the Restart Classloader

As described earlier in the Restart vs Reload section, restart
functionality is implemented by using two classloaders. For most applications, this
approach works well. However, it can sometimes cause classloading issues.

By default, any open project in your IDE is loaded with the “restart” classloader, and
any regular .jar file is loaded with the “base” classloader. If you work on a
multi-module project, and not every module is imported into your IDE, you may need to
customize things. To do so, you can create a META-INF/spring-devtools.properties file.

The spring-devtools.properties file can contain properties prefixed with
restart.exclude and restart.include. The include elements are items that should be
pulled up into the “restart” classloader, and the exclude elements are items that
should be pushed down into the “base” classloader. The value of the property is a regex
pattern that is applied to the classpath, as shown in the following example:

All property keys must be unique. As long as a property starts with
restart.include. or restart.exclude. it is considered.

Tip

All META-INF/spring-devtools.properties from the classpath are loaded. You can
package files inside your project, or in the libraries that the project consumes.

20.2.7 Known Limitations

Restart functionality does not work well with objects that are deserialized by using a
standard ObjectInputStream. If you need to deserialize data, you may need to use
Spring’s ConfigurableObjectInputStream in combination with
Thread.currentThread().getContextClassLoader().

Unfortunately, several third-party libraries deserialize without considering the context
classloader. If you find such a problem, you need to request a fix with the original
authors.

20.3 LiveReload

The spring-boot-devtools module includes an embedded LiveReload server that can be used
to trigger a browser refresh when a resource is changed. LiveReload browser extensions
are freely available for Chrome, Firefox and Safari from
livereload.com.

If you do not want to start the LiveReload server when your application runs, you can set
the spring.devtools.livereload.enabled property to false.

Note

You can only run one LiveReload server at a time. Before starting your application,
ensure that no other LiveReload servers are running. If you start multiple applications
from your IDE, only the first has LiveReload support.

20.4 Global Settings

You can configure global devtools settings by adding a file named
.spring-boot-devtools.properties to your $HOME folder (note that the filename starts
with “.”). Any properties added to this file apply to all Spring Boot applications on
your machine that use devtools. For example, to configure restart to always use a
trigger file, you would add the following
property:

~/.spring-boot-devtools.properties.

spring.devtools.reload.trigger-file=.reloadtrigger

20.5 Remote Applications

The Spring Boot developer tools are not limited to local development. You can also
use several features when running applications remotely. Remote support is opt-in. To
enable it, you need to make sure that devtools is included in the repackaged archive,
as shown in the following listing:

Then you need to set a spring.devtools.remote.secret property, as shown in the
following example:

spring.devtools.remote.secret=mysecret

Warning

Enabling spring-boot-devtools on a remote application is a security risk. You
should never enable support on a production deployment.

Remote devtools support is provided in two parts: a server-side endpoint that accepts
connections and a client application that you run in your IDE. The server component is
automatically enabled when the spring.devtools.remote.secret property is set. The
client component must be launched manually.

20.5.1 Running the Remote Client Application

The remote client application is designed to be run from within your IDE. You need to run
org.springframework.boot.devtools.RemoteSpringApplication with the same classpath as
the remote project that you connect to. The application’s single required argument is the
remote URL to which it connects.

For example, if you are using Eclipse or STS and you have a project named my-app that
you have deployed to Cloud Foundry, you would do the following:

Select Run Configurations…​ from the Run menu.

Create a new Java Application “launch configuration”.

Browse for the my-app project.

Use org.springframework.boot.devtools.RemoteSpringApplication as the main class.

Because the remote client is using the same classpath as the real application it
can directly read application properties. This is how the spring.devtools.remote.secret
property is read and passed to the server for authentication.

Tip

It is always advisable to use https:// as the connection protocol, so that traffic
is encrypted and passwords cannot be intercepted.

Tip

If you need to use a proxy to access the remote application, configure the
spring.devtools.remote.proxy.host and spring.devtools.remote.proxy.port properties.

20.5.2 Remote Update

The remote client monitors your application classpath for changes in the same way as the
local restart. Any updated resource is pushed to the
remote application and (if required) triggers a restart. This can be helpful if you
iterate on a feature that uses a cloud service that you do not have locally. Generally,
remote updates and restarts are much quicker than a full rebuild and deploy cycle.

Note

Files are only monitored when the remote client is running. If you change a file
before starting the remote client, it is not pushed to the remote server.

21. Packaging Your Application for Production

Executable jars can be used for production deployment. As they are self-contained, they
are also ideally suited for cloud-based deployment.

22. What to Read Next

You should now understand how you can use Spring Boot and some best practices that you
should follow. You can now go on to learn about specific
Spring Boot features in depth, or you could
skip ahead and read about the “production
ready” aspects of Spring Boot.

Part IV. Spring Boot features

This section dives into the details of Spring Boot. Here you can learn about the key
features that you may want to use and customize. If you have not already done so, you
might want to read the "Part II, “Getting Started”" and
"Part III, “Using Spring Boot”" sections, so that you have a good grounding of the
basics.

23. SpringApplication

The SpringApplication class provides a convenient way to bootstrap a Spring application
that is started from a main() method. In many situations, you can delegate to the
static SpringApplication.run method, as shown in the following example:

By default, INFO logging messages are shown, including some relevant startup details,
such as the user that launched the application. If you need a log level other than INFO,
you can set it, as described in Section 26.4, “Log Levels”,

23.1 Startup Failure

If your application fails to start, registered FailureAnalyzers get a chance to provide
a dedicated error message and a concrete action to fix the problem. For instance, if you
start a web application on port 8080 and that port is already in use, you should see
something similar to the following message:

***************************
APPLICATION FAILED TO START
***************************
Description:
Embedded servlet container failed to start. Port 8080 was already in use.
Action:
Identify and stop the process that's listening on port 8080 or configure this application to listen on another port.

If no failure analyzers are able to handle the exception, you can still display the full
conditions report to better understand what went wrong. To do so, you need to
enable the debug property or
enable DEBUG logging for
org.springframework.boot.autoconfigure.logging.ConditionEvaluationReportLoggingListener.

For instance, if you are running your application by using java -jar, you can enable
the debug property as follows:

$ java -jar myproject-0.0.1-SNAPSHOT.jar --debug

23.2 Customizing the Banner

The banner that is printed on start up can be changed by adding a banner.txt file to
your classpath or by setting the spring.banner.location property to the location of such
a file. If the file has an encoding other than UTF-8, you can set spring.banner.charset.
In addition to a text file, you can also add a banner.gif, banner.jpg, or banner.png
image file to your classpath or set the spring.banner.image.location property. Images
are converted into an ASCII art representation and printed above any text banner.

Inside your banner.txt file, you can use any of the following placeholders:

Table 23.1. Banner variables

Variable

Description

${application.version}

The version number of your application, as declared in MANIFEST.MF. For example,
Implementation-Version: 1.0 is printed as 1.0.

${application.formatted-version}

The version number of your application, as declared in MANIFEST.MF and formatted for
display (surrounded with brackets and prefixed with v). For example (v1.0).

${spring-boot.version}

The Spring Boot version that you are using. For example 2.1.1.BUILD-SNAPSHOT.

${spring-boot.formatted-version}

The Spring Boot version that you are using, formatted for display (surrounded with
brackets and prefixed with v). For example (v2.1.1.BUILD-SNAPSHOT).

The constructor arguments passed to SpringApplication are configuration sources
for Spring beans. In most cases, these are references to @Configuration classes, but
they could also be references to XML configuration or to packages that should be scanned.

There are some restrictions when creating an ApplicationContext hierarchy. For
example, Web components must be contained within the child context, and the same
Environment is used for both parent and child contexts. See the
SpringApplicationBuilder
Javadoc for full details.

23.5 Application Events and Listeners

In addition to the usual Spring Framework events, such as
ContextRefreshedEvent,
a SpringApplication sends some additional application events.

Note

Some events are actually triggered before the ApplicationContext is created, so you
cannot register a listener on those as a @Bean. You can register them with the
SpringApplication.addListeners(…​) method or the
SpringApplicationBuilder.listeners(…​) method.

If you want those listeners to be registered automatically, regardless of the way the
application is created, you can add a META-INF/spring.factories file to your project
and reference your listener(s) by using the
org.springframework.context.ApplicationListener key, as shown in the following example:

Application events are sent in the following order, as your application runs:

An ApplicationStartingEvent is sent at the start of a run but before any processing,
except for the registration of listeners and initializers.

An ApplicationEnvironmentPreparedEvent is sent when the Environment to be used in
the context is known but before the context is created.

An ApplicationPreparedEvent is sent just before the refresh is started but after bean
definitions have been loaded.

An ApplicationStartedEvent is sent after the context has been refreshed but before any
application and command-line runners have been called.

An ApplicationReadyEvent is sent after any application and command-line runners have
been called. It indicates that the application is ready to service requests.

An ApplicationFailedEvent is sent if there is an exception on startup.

Tip

You often need not use application events, but it can be handy to know that they
exist. Internally, Spring Boot uses events to handle a variety of tasks.

Application events are sent by using Spring Framework’s event publishing mechanism. Part
of this mechanism ensures that an event published to the listeners in a child context is
also published to the listeners in any ancestor contexts. As a result of this, if your
application uses a hierarchy of SpringApplication instances, a listener may receive
multiple instances of the same type of application event.

To allow your listener to distinguish between an event for its context and an event for
a descendant context, it should request that its application context is injected and then
compare the injected context with the context of the event. The context can be injected
by implementing ApplicationContextAware or, if the listener is a bean, by using
@Autowired.

23.6 Web Environment

A SpringApplication attempts to create the right type of ApplicationContext on your
behalf. The algorithm used to determine a WebApplicationType is fairly simple:

If Spring MVC is present, an AnnotationConfigServletWebServerApplicationContext is
used

If Spring MVC is not present and Spring WebFlux is present, an
AnnotationConfigReactiveWebServerApplicationContext is used

Otherwise, AnnotationConfigApplicationContext is used

This means that if you are using Spring MVC and the new WebClient from Spring WebFlux in
the same application, Spring MVC will be used by default. You can override that easily
by calling setWebApplicationType(WebApplicationType).

It is also possible to take complete control of the ApplicationContext type that is
used by calling setApplicationContextClass(…​).

Tip

It is often desirable to call setWebApplicationType(WebApplicationType.NONE) when
using SpringApplication within a JUnit test.

23.7 Accessing Application Arguments

If you need to access the application arguments that were passed to
SpringApplication.run(…​), you can inject a
org.springframework.boot.ApplicationArguments bean. The ApplicationArguments
interface provides access to both the raw String[] arguments as well as parsed option
and non-option arguments, as shown in the following example:

Spring Boot also registers a CommandLinePropertySource with the Spring
Environment. This lets you also inject single application arguments by using the
@Value annotation.

23.8 Using the ApplicationRunner or CommandLineRunner

If you need to run some specific code once the SpringApplication has started, you can
implement the ApplicationRunner or CommandLineRunner interfaces. Both interfaces work
in the same way and offer a single run method, which is called just before
SpringApplication.run(…​) completes.

The CommandLineRunner interfaces provides access to application arguments as a simple
string array, whereas the ApplicationRunner uses the ApplicationArguments interface
discussed earlier. The following example shows a CommandLineRunner with a run method:

If several CommandLineRunner or ApplicationRunner beans are defined that must be
called in a specific order, you can additionally implement the
org.springframework.core.Ordered interface or use the
org.springframework.core.annotation.Order annotation.

23.9 Application Exit

Each SpringApplication registers a shutdown hook with the JVM to ensure that the
ApplicationContext closes gracefully on exit. All the standard Spring lifecycle
callbacks (such as the DisposableBean interface or the @PreDestroy annotation) can be
used.

In addition, beans may implement the org.springframework.boot.ExitCodeGenerator
interface if they wish to return a specific exit code when SpringApplication.exit() is
called. This exit code can then be passed to System.exit() to return it as a status
code, as shown in the following example:

Also, the ExitCodeGenerator interface may be implemented by exceptions. When such an
exception is encountered, Spring Boot returns the exit code provided by the implemented
getExitCode() method.

23.10 Admin Features

It is possible to enable admin-related features for the application by specifying the
spring.application.admin.enabled property. This exposes the
SpringApplicationAdminMXBean
on the platform MBeanServer. You could use this feature to administer your Spring Boot
application remotely. This feature could also be useful for any service wrapper
implementation.

Tip

If you want to know on which HTTP port the application is running, get the property
with a key of local.server.port.

Caution

Take care when enabling this feature, as the MBean exposes a method to shutdown
the application.

24. Externalized Configuration

Spring Boot lets you externalize your configuration so that you can work with the same
application code in different environments. You can use properties files, YAML files,
environment variables, and command-line arguments to externalize configuration. Property
values can be injected directly into your beans by using the @Value annotation,
accessed through Spring’s Environment abstraction, or be
bound to structured
objects through @ConfigurationProperties.

Spring Boot uses a very particular PropertySource order that is designed to allow
sensible overriding of values. Properties are considered in the following order:

On your application classpath (for example, inside your jar) you can have an
application.properties file that provides a sensible default property value for name.
When running in a new environment, an application.properties file can be provided
outside of your jar that overrides the name. For one-off testing, you can launch with a
specific command line switch (for example, java -jar app.jar --name="Spring").

Tip

The SPRING_APPLICATION_JSON properties can be supplied on the command line with an
environment variable. For example, you could use the following line in a UN*X
shell:

The random.int* syntax is OPEN value (,max) CLOSE where the OPEN,CLOSE are any
character and value,max are integers. If max is provided, then value is the minimum
value and max is the maximum value (exclusive).

24.2 Accessing Command Line Properties

By default, SpringApplication converts any command line option arguments (that is,
arguments starting with --, such as --server.port=9000) to a property and adds
them to the Spring Environment. As mentioned previously, command line properties always
take precedence over other property sources.

If you do not want command line properties to be added to the Environment, you can
disable them by using SpringApplication.setAddCommandLineProperties(false).

24.3 Application Property Files

SpringApplication loads properties from application.properties files in the following
locations and adds them to the Spring Environment:

A /config subdirectory of the current directory

The current directory

A classpath /config package

The classpath root

The list is ordered by precedence (properties defined in locations higher in the list
override those defined in lower locations).

If you do not like application.properties as the configuration file name, you can
switch to another file name by specifying a spring.config.name environment property.
You can also refer to an explicit location by using the spring.config.location
environment property (which is a comma-separated list of directory locations or file
paths). The following example shows how to specify a different file name:

spring.config.name and spring.config.location are used very early to
determine which files have to be loaded, so they must be defined as an environment
property (typically an OS environment variable, a system property, or a command-line
argument).

If spring.config.location contains directories (as opposed to files), they should end
in / (and, at runtime, be appended with the names generated from spring.config.name
before being loaded, including profile-specific file names). Files specified in
spring.config.location are used as-is, with no support for profile-specific variants,
and are overridden by any profile-specific properties.

Config locations are searched in reverse order. By default, the configured locations are
classpath:/,classpath:/config/,file:./,file:./config/. The resulting search order is
the following:

file:./config/

file:./

classpath:/config/

classpath:/

When custom config locations are configured by using spring.config.location, they
replace the default locations. For example, if spring.config.location is configured with
the value classpath:/custom-config/,file:./custom-config/, the search order becomes the
following:

file:./custom-config/

classpath:custom-config/

Alternatively, when custom config locations are configured by using
spring.config.additional-location, they are used in addition to the default locations.
Additional locations are searched before the default locations. For example, if
additional locations of classpath:/custom-config/,file:./custom-config/ are configured,
the search order becomes the following:

file:./custom-config/

classpath:custom-config/

file:./config/

file:./

classpath:/config/

classpath:/

This search ordering lets you specify default values in one configuration file and then
selectively override those values in another. You can provide default values for your
application in application.properties (or whatever other basename you choose with
spring.config.name) in one of the default locations. These default values can then be
overridden at runtime with a different file located in one of the custom locations.

Note

If you use environment variables rather than system properties, most operating
systems disallow period-separated key names, but you can use underscores instead (for
example, SPRING_CONFIG_NAME instead of spring.config.name).

Note

If your application runs in a container, then JNDI properties (in java:comp/env)
or servlet context initialization parameters can be used instead of, or as well as,
environment variables or system properties.

24.4 Profile-specific Properties

In addition to application.properties files, profile-specific properties can also be
defined by using the following naming convention: application-{profile}.properties. The
Environment has a set of default profiles (by default, [default]) that are used if no
active profiles are set. In other words, if no profiles are explicitly activated, then
properties from application-default.properties are loaded.

Profile-specific properties are loaded from the same locations as standard
application.properties, with profile-specific files always overriding the non-specific
ones, whether or not the profile-specific files are inside or outside your
packaged jar.

If several profiles are specified, a last-wins strategy applies. For example, profiles
specified by the spring.profiles.active property are added after those configured
through the SpringApplication API and therefore take precedence.

Note

If you have specified any files in spring.config.location, profile-specific
variants of those files are not considered. Use directories in
spring.config.location if you want to also use profile-specific properties.

24.5 Placeholders in Properties

The values in application.properties are filtered through the existing Environment
when they are used, so you can refer back to previously defined values (for example, from
System properties).

If you’re looking for a secure way to store credentials and passwords, the
Spring Cloud Vault project provides
support for storing externalized configuration in
HashiCorp Vault.

24.7 Using YAML Instead of Properties

YAML is a superset of JSON and, as such, is a convenient format for
specifying hierarchical configuration data. The SpringApplication class automatically
supports YAML as an alternative to properties whenever you have the
SnakeYAML library on your classpath.

Note

If you use “Starters”, SnakeYAML is automatically provided by
spring-boot-starter.

24.7.1 Loading YAML

Spring Framework provides two convenient classes that can be used to load YAML documents.
The YamlPropertiesFactoryBean loads YAML as Properties and the YamlMapFactoryBean
loads YAML as a Map.

YAML lists are represented as property keys with [index] dereferencers. For example,
consider the following YAML:

my:
servers:
- dev.example.com
- another.example.com

The preceding example would be transformed into these properties:

my.servers[0]=dev.example.com
my.servers[1]=another.example.com

To bind to properties like that by using Spring Boot’s Binder utilities (which is what
@ConfigurationProperties does), you need to have a property in the target bean of type
java.util.List (or Set) and you either need to provide a setter or initialize it with
a mutable value. For example, the following example binds to the properties shown
previously:

24.7.2 Exposing YAML as Properties in the Spring Environment

The YamlPropertySourceLoader class can be used to expose YAML as a PropertySource in
the Spring Environment. Doing so lets you use the @Value annotation with placeholders
syntax to access YAML properties.

24.7.3 Multi-profile YAML Documents

You can specify multiple profile-specific YAML documents in a single file by using a
spring.profiles key to indicate when the document applies, as shown in the following
example:

In the preceding example, if the development profile is active, the server.address
property is 127.0.0.1. Similarly, if the productionandeu-central profiles are
active, the server.address property is 192.168.1.120. If the development,
production and eu-central profiles are not enabled, then the value for the property
is 192.168.1.100.

Note

spring.profiles can therefore contain a simple profile name (for example production)
or a profile expression. A profile expression allows for more complicated profile logic
to be expressed, for example production & (eu-central | eu-west). Check the
reference guide for more
details.

If none are explicitly active when the application context starts, the default profiles
are activated. So, in the following YAML, we set a value for spring.security.user.password
that is available only in the "default" profile:

Whereas, in the following example, the password is always set because it is not attached
to any profile, and it would have to be explicitly reset in all other profiles as
necessary:

server:
port: 8000spring:
security:
user:
password: weak

Spring profiles designated by using the spring.profiles element may optionally be
negated by using the ! character. If both negated and non-negated profiles are
specified for a single document, at least one non-negated profile must match, and no
negated profiles may match.

24.7.4 YAML Shortcomings

YAML files cannot be loaded by using the @PropertySource annotation. So, in the case
that you need to load values that way, you need to use a properties file.

24.8 Type-safe Configuration Properties

Using the @Value("${property}") annotation to inject configuration properties can
sometimes be cumbersome, especially if you are working with multiple properties or your
data is hierarchical in nature. Spring Boot provides an alternative method of working
with properties that lets strongly typed beans govern and validate the configuration of
your application, as shown in the following example:

acme.security.username, with a nested "security" object whose name is determined by
the name of the property. In particular, the return type is not used at all there and
could have been SecurityProperties.

acme.security.password.

acme.security.roles, with a collection of String.

Note

Getters and setters are usually mandatory, since binding is through standard Java Beans
property descriptors, just like in Spring MVC. A setter may be omitted in the following
cases:

Maps, as long as they are initialized, need a getter but not necessarily a setter,
since they can be mutated by the binder.

Collections and arrays can be accessed either through an index (typically with YAML) or
by using a single comma-separated value (properties). In the latter case, a setter is
mandatory. We recommend to always add a setter for such types. If you initialize a
collection, make sure it is not immutable (as in the preceding example).

If nested POJO properties are initialized (like the Security field in the preceding
example), a setter is not required. If you want the binder to create the instance on the
fly by using its default constructor, you need a setter.

Some people use Project Lombok to add getters and setters automatically. Make sure that
Lombok does not generate any particular constructor for such a type, as it is used
automatically by the container to instantiate the object.

Finally, only standard Java Bean properties are considered and binding on static
properties is not supported.

When the @ConfigurationProperties bean is registered that way, the bean has a
conventional name: <prefix>-<fqn>, where <prefix> is the environment key prefix
specified in the @ConfigurationProperties annotation and <fqn> is the fully qualified
name of the bean. If the annotation does not provide any prefix, only the fully qualified
name of the bean is used.

The bean name in the example above is acme-com.example.AcmeProperties.

Even if the preceding configuration creates a regular bean for AcmeProperties, we
recommend that @ConfigurationProperties only deal with the environment and, in
particular, does not inject other beans from the context. Having said that, the
@EnableConfigurationProperties annotation is also automatically applied to your
project so that any existing bean annotated with @ConfigurationProperties is
configured from the Environment. You could shortcut MyConfiguration by making sure
AcmeProperties is already a bean, as shown in the following example:

Using @ConfigurationProperties also lets you generate metadata files that can be
used by IDEs to offer auto-completion for your own keys. See the
Appendix B, Configuration Metadata appendix for details.

24.8.1 Third-party Configuration

As well as using @ConfigurationProperties to annotate a class, you can also use it on
public @Bean methods. Doing so can be particularly useful when you want to bind
properties to third-party components that are outside of your control.

To configure a bean from the Environment properties, add @ConfigurationProperties to
its bean registration, as shown in the following example:

Any property defined with the another prefix is mapped onto that AnotherComponent bean
in manner similar to the preceding AcmeProperties example.

24.8.2 Relaxed Binding

Spring Boot uses some relaxed rules for binding Environment properties to
@ConfigurationProperties beans, so there does not need to be an exact match between the
Environment property name and the bean property name. Common examples where this is
useful include dash-separated environment properties (for example, context-path binds
to contextPath), and capitalized environment properties (for example, PORT binds to
port).

In the preceding example, the following properties names can all be used:

Table 24.1. relaxed binding

Property

Note

acme.my-project.person.first-name

Kebab case, which is recommended for use in .properties and .yml files.

acme.myProject.person.firstName

Standard camel case syntax.

acme.my_project.person.first_name

Underscore notation, which is an alternative format for use in .properties and .yml
files.

ACME_MYPROJECT_PERSON_FIRSTNAME

Upper case format, which is recommended when using system environment variables.

Note

The prefix value for the annotation must be in kebab case (lowercase and
separated by -, such as acme.my-project.person).

Table 24.2. relaxed binding rules per property source

Property Source

Simple

List

Properties Files

Camel case, kebab case, or underscore notation

Standard list syntax using [ ] or comma-separated values

YAML Files

Camel case, kebab case, or underscore notation

Standard YAML list syntax or comma-separated values

Environment Variables

Upper case format with underscore as the delimiter. _ should not be used within a
property name

Numeric values surrounded by underscores, such as MY_ACME_1_OTHER = my.acme[1].other

System properties

Camel case, kebab case, or underscore notation

Standard list syntax using [ ] or comma-separated values

Tip

We recommend that, when possible, properties are stored in lower-case kebab format,
such as my.property-name=acme.

When binding to Map properties, if the key contains anything other than lowercase
alpha-numeric characters or -, you need to use the bracket notation so that the original
value is preserved. If the key is not surrounded by [], any characters that are not alpha-numeric
or - are removed. For example, consider binding the following properties to a Map:

acme:
map:
"[/key1]": value1
"[/key2]": value2
/key3: value3

The properties above will bind to a Map with /key1, /key2 and key3 as the keys in the map.

24.8.3 Merging Complex Types

When lists are configured in more than one place, overriding works by replacing the entire
list.

For example, assume a MyPojo object with name and description attributes that are
null by default. The following example exposes a list of MyPojo objects from
AcmeProperties:

If the dev profile is not active, AcmeProperties.list contains one MyPojo entry,
as previously defined. If the dev profile is enabled, however, the liststill
contains only one entry (with a name of my another name and a description of null).
This configuration does not add a second MyPojo instance to the list, and it does not
merge the items.

When a List is specified in multiple profiles, the one with the highest priority
(and only that one) is used. Consider the following example:

In the preceding example, if the dev profile is active, AcmeProperties.list contains
oneMyPojo entry (with a name of my another name and a description of null).
For YAML, both comma-separated lists and YAML lists can be used for
completely overriding the contents of the list.

For Map properties, you can bind with property values drawn from multiple sources. However,
for the same property in multiple sources, the one with the highest priority is used.
The following example exposes a Map<String, MyPojo> from AcmeProperties:

If the dev profile is not active, AcmeProperties.map contains one entry with key key1
(with a name of my name 1 and a description of my description 1).
If the dev profile is enabled, however, map contains two entries with keys key1
(with a name of dev name 1 and a description of my description 1) and
key2 (with a name of dev name 2 and a description of dev description 2).

Note

The preceding merging rules apply to properties from all property sources and not just
YAML files.

24.8.4 Properties Conversion

Spring Boot attempts to coerce the external application properties to the right type when
it binds to the @ConfigurationProperties beans. If you need custom type conversion, you
can provide a ConversionService bean (with a bean named conversionService) or custom
property editors (through a CustomEditorConfigurer bean) or custom Converters (with
bean definitions annotated as @ConfigurationPropertiesBinding).

Note

As this bean is requested very early during the application lifecycle, make sure to
limit the dependencies that your ConversionService is using. Typically, any dependency
that you require may not be fully initialized at creation time. You may want to rename
your custom ConversionService if it is not required for configuration keys coercion and
only rely on custom converters qualified with @ConfigurationPropertiesBinding.

Converting durations

Spring Boot has dedicated support for expressing durations. If you expose a
java.time.Duration property, the following formats in application properties are
available:

A regular long representation (using milliseconds as the default unit unless a
@DurationUnit has been specified)

To specify a session timeout of 30 seconds, 30, PT30S and 30s are all equivalent. A
read timeout of 500ms can be specified in any of the following form: 500, PT0.5S and
500ms.

You can also use any of the supported units. These are:

ns for nanoseconds

us for microseconds

ms for milliseconds

s for seconds

m for minutes

h for hours

d for days

The default unit is milliseconds and can be overridden using @DurationUnit as illustrated
in the sample above.

Tip

If you are upgrading from a previous version that is simply using Long to express
the duration, make sure to define the unit (using @DurationUnit) if it isn’t
milliseconds alongside the switch to Duration. Doing so gives a transparent upgrade path
while supporting a much richer format.

Converting Data Sizes

Spring Framework has a DataSize value type that allows to express size in bytes. If you
expose a DataSize property, the following formats in application properties are
available:

A regular long representation (using bytes as the default unit unless a
@DataSizeUnit has been specified)

A more readable format where the value and the unit are coupled (e.g. 10MB means 10
megabytes)

To specify a buffer size of 10 megabytes, 10 and 10MB are equivalent. A size threshold
of 256 bytes can be specified as 256 or 256B.

You can also use any of the supported units. These are:

B for bytes

KB for kilobytes

MB for megabytes

GB for gigabytes

TB for terabytes

The default unit is bytes and can be overridden using @DataSizeUnit as illustrated
in the sample above.

Tip

If you are upgrading from a previous version that is simply using Long to express
the size, make sure to define the unit (using @DataSizeUnit) if it isn’t bytes alongside
the switch to DataSize. Doing so gives a transparent upgrade path while supporting a
much richer format.

24.8.5 @ConfigurationProperties Validation

Spring Boot attempts to validate @ConfigurationProperties classes whenever they are
annotated with Spring’s @Validated annotation. You can use JSR-303 javax.validation
constraint annotations directly on your configuration class. To do so, ensure that a
compliant JSR-303 implementation is on your classpath and then add constraint annotations
to your fields, as shown in the following example:

You can also trigger validation by annotating the @Bean method that creates the
configuration properties with @Validated.

Although nested properties will also be validated when bound, it’s good practice to
also annotate the associated field as @Valid. This ensure that validation is triggered
even if no nested properties are found. The following example builds on the preceding
AcmeProperties example:

You can also add a custom Spring Validator by creating a bean definition called
configurationPropertiesValidator. The @Bean method should be declared static. The
configuration properties validator is created very early in the application’s lifecycle,
and declaring the @Bean method as static lets the bean be created without having to
instantiate the @Configuration class. Doing so avoids any problems that may be caused
by early instantiation. There is a
property
validation sample that shows how to set things up.

Tip

The spring-boot-actuator module includes an endpoint that exposes all
@ConfigurationProperties beans. Point your web browser to
/actuator/configprops or use the equivalent JMX endpoint. See the
"Production ready features"
section for details.

24.8.6 @ConfigurationProperties vs. @Value

The @Value annotation is a core container feature, and it does not provide the same
features as type-safe configuration properties. The following table summarizes the
features that are supported by @ConfigurationProperties and @Value:

If you define a set of configuration keys for your own components, we recommend you
group them in a POJO annotated with @ConfigurationProperties. You should also be aware
that, since @Value does not support relaxed binding, it is not a good candidate if you
need to provide the value by using environment variables.

25. Profiles

Spring Profiles provide a way to segregate parts of your application configuration and
make it be available only in certain environments. Any @Component or @Configuration
can be marked with @Profile to limit when it is loaded, as shown in the following
example:

You can use a spring.profiles.activeEnvironment property to specify which profiles
are active. You can specify the property in any of the ways described earlier in this
chapter. For example, you could include it in your application.properties, as shown in
the following example:

spring.profiles.active=dev,hsqldb

You could also specify it on the command line by using the following switch:
--spring.profiles.active=dev,hsqldb.

25.1 Adding Active Profiles

The spring.profiles.active property follows the same ordering rules as other
properties: The highest PropertySource wins. This means that you can specify active
profiles in application.properties and then replace them by using the command line
switch.

Sometimes, it is useful to have profile-specific properties that add to the active
profiles rather than replace them. The spring.profiles.include property can be used to
unconditionally add active profiles. The SpringApplication entry point also has a Java
API for setting additional profiles (that is, on top of those activated by the
spring.profiles.active property). See the setAdditionalProfiles() method in
SpringApplication.

For example, when an application with the following properties is run by using the
switch, --spring.profiles.active=prod, the proddb and prodmq profiles are also
activated:

25.2 Programmatically Setting Profiles

You can programmatically set active profiles by calling
SpringApplication.setAdditionalProfiles(…​) before your application runs. It is also
possible to activate profiles by using Spring’s ConfigurableEnvironment interface.

25.3 Profile-specific Configuration Files

Profile-specific variants of both application.properties (or application.yml) and
files referenced through @ConfigurationProperties are considered as files and loaded.
See "Section 24.4, “Profile-specific Properties”" for details.

26. Logging

Spring Boot uses Commons Logging for all internal
logging but leaves the underlying log implementation open. Default configurations are
provided for
Java Util
Logging, Log4J2, and
Logback. In each case, loggers are pre-configured to use console
output with optional file output also available.

By default, if you use the “Starters”, Logback is used for logging. Appropriate Logback
routing is also included to ensure that dependent libraries that use Java Util Logging,
Commons Logging, Log4J, or SLF4J all work correctly.

Tip

There are a lot of logging frameworks available for Java. Do not worry if the above
list seems confusing. Generally, you do not need to change your logging dependencies and
the Spring Boot defaults work just fine.

26.1 Log Format

The default log output from Spring Boot resembles the following example:

Logger name: This is usually the source class name (often abbreviated).

The log message.

Note

Logback does not have a FATAL level. It is mapped to ERROR.

26.2 Console Output

The default log configuration echoes messages to the console as they are written. By
default, ERROR-level, WARN-level, and INFO-level messages are logged. You can also
enable a “debug” mode by starting your application with a --debug flag.

$ java -jar myapp.jar --debug

Note

You can also specify debug=true in your application.properties.

When the debug mode is enabled, a selection of core loggers (embedded container,
Hibernate, and Spring Boot) are configured to output more information. Enabling the debug
mode does not configure your application to log all messages with DEBUG level.

Alternatively, you can enable a “trace” mode by starting your application with a
--trace flag (or trace=true in your application.properties). Doing so enables trace
logging for a selection of core loggers (embedded container, Hibernate schema generation,
and the whole Spring portfolio).

26.2.1 Color-coded Output

If your terminal supports ANSI, color output is used to aid readability. You can set
spring.output.ansi.enabled to a
supported value to override the auto
detection.

Color coding is configured by using the %clr conversion word. In its simplest form, the
converter colors the output according to the log level, as shown in the following
example:

%clr(%5p)

The following table describes the mapping of log levels to colors:

Level

Color

FATAL

Red

ERROR

Red

WARN

Yellow

INFO

Green

DEBUG

Green

TRACE

Green

Alternatively, you can specify the color or style that should be used by providing it as
an option to the conversion. For example, to make the text yellow, use the following
setting:

%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){yellow}

The following colors and styles are supported:

blue

cyan

faint

green

magenta

red

yellow

26.3 File Output

By default, Spring Boot logs only to the console and does not write log files. If you
want to write log files in addition to the console output, you need to set a
logging.file or logging.path property (for example, in your
application.properties).

The following table shows how the logging.* properties can be used together:

Table 26.1. Logging properties

logging.file

logging.path

Example

Description

(none)

(none)

Console only logging.

Specific file

(none)

my.log

Writes to the specified log file. Names can be an exact location or relative to the
current directory.

(none)

Specific directory

/var/log

Writes spring.log to the specified directory. Names can be an exact location or
relative to the current directory.

Log files rotate when they reach 10 MB and, as with console output, ERROR-level,
WARN-level, and INFO-level messages are logged by default. Size limits can be changed
using the logging.file.max-size property. Previously rotated files are archived
indefinitely unless the logging.file.max-history property has been set.

Note

The logging system is initialized early in the application lifecycle. Consequently,
logging properties are not found in property files loaded through @PropertySource
annotations.

Tip

Logging properties are independent of the actual logging infrastructure. As a
result, specific configuration keys (such as logback.configurationFile for Logback) are
not managed by spring Boot.

26.4 Log Levels

All the supported logging systems can have the logger levels set in the Spring
Environment (for example, in application.properties) by using
logging.level.<logger-name>=<level> where level is one of TRACE, DEBUG, INFO, WARN,
ERROR, FATAL, or OFF. The root logger can be configured by using logging.level.root.

The following example shows potential logging settings in application.properties:

26.5 Log Groups

It’s often useful to be able to group related loggers together so that they can all be
configured at the same time. For example, you might commonly change the logging levels for
all Tomcat related loggers, but you can’t easily remember top level packages.

To help with this, Spring Boot allows you to define logging groups in your Spring
Environment. For example, here’s how you could define a “tomcat” group by adding
it to your application.properties:

26.6 Custom Log Configuration

The various logging systems can be activated by including the appropriate libraries on
the classpath and can be further customized by providing a suitable configuration file in
the root of the classpath or in a location specified by the following Spring Environment
property: logging.config.

You can force Spring Boot to use a particular logging system by using the
org.springframework.boot.logging.LoggingSystem system property. The value should be the
fully qualified class name of a LoggingSystem implementation. You can also disable
Spring Boot’s logging configuration entirely by using a value of none.

Note

Since logging is initialized before the ApplicationContext is created, it is
not possible to control logging from @PropertySources in Spring @Configuration files.
The only way to change the logging system or disable it entirely is via System properties.

When possible, we recommend that you use the -spring variants for your logging
configuration (for example, logback-spring.xml rather than logback.xml). If you use
standard configuration locations, Spring cannot completely control log initialization.

Warning

There are known classloading issues with Java Util Logging that cause problems
when running from an 'executable jar'. We recommend that you avoid it when running from
an 'executable jar' if at all possible.

To help with the customization, some other properties are transferred from the Spring
Environment to System properties, as described in the following table:

If you want to use a placeholder in a logging property, you should use
Spring Boot’s syntax and not
the syntax of the underlying framework. Notably, if you use Logback, you should use :
as the delimiter between a property name and its default value and not use :-.

Tip

You can add MDC and other ad-hoc content to log lines by overriding only the
LOG_LEVEL_PATTERN (or logging.pattern.level with Logback). For example, if you use
logging.pattern.level=user:%X{user} %5p, then the default log format contains an MDC
entry for "user", if it exists, as shown in the following example.

26.7 Logback Extensions

Spring Boot includes a number of extensions to Logback that can help with advanced
configuration. You can use these extensions in your logback-spring.xml configuration
file.

Note

Because the standard logback.xml configuration file is loaded too early, you
cannot use extensions in it. You need to either use logback-spring.xml or define a
logging.config property.

Warning

The extensions cannot be used with Logback’s
configuration scanning. If you
attempt to do so, making changes to the configuration file results in an error similar to
one of the following being logged:

ERROR in [email protected]:71 - no applicable action for [springProperty], current ElementPath is [[configuration][springProperty]]
ERROR in [email protected]:71 - no applicable action for [springProfile], current ElementPath is [[configuration][springProfile]]

26.7.1 Profile-specific Configuration

The <springProfile> tag lets you optionally include or exclude sections of
configuration based on the active Spring profiles. Profile sections are supported
anywhere within the <configuration> element. Use the name attribute to specify which
profile accepts the configuration. The <springProfile> tag can contain a simple profile
name (for example staging) or a profile expression. A profile expression allows for more
complicated profile logic to be expressed, for example
production & (eu-central | eu-west). Check the
reference guide for more
details. The following listing shows three sample profiles:

<springProfilename="staging"><!-- configuration to be enabled when the "staging" profile is active --></springProfile><springProfilename="dev | staging"><!-- configuration to be enabled when the "dev" or "staging" profiles are active --></springProfile><springProfilename="!production"><!-- configuration to be enabled when the "production" profile is not active --></springProfile>

26.7.2 Environment Properties

The <springProperty> tag lets you expose properties from the Spring Environment for
use within Logback. Doing so can be useful if you want to access values from your
application.properties file in your Logback configuration. The tag works in a similar
way to Logback’s standard <property> tag. However, rather than specifying a direct
value, you specify the source of the property (from the Environment). If you need
to store the property somewhere other than in local scope, you can use the scope
attribute. If you need a fallback value (in case the property is not set in the
Environment), you can use the defaultValue attribute. The following example shows how
to expose properties for use within Logback:

The source must be specified in kebab case (such as my.property-name).
However, properties can be added to the Environment by using the relaxed rules.

27. JSON

Spring Boot provides integration with three JSON mapping libraries:

Gson

Jackson

JSON-B

Jackson is the preferred and default library.

27.1 Jackson

Auto-configuration for Jackson is provided and Jackson is part of
spring-boot-starter-json. When Jackson is on the classpath an ObjectMapper
bean is automatically configured. Several configuration properties are provided for
customizing the configuration of the
ObjectMapper.

27.2 Gson

Auto-configuration for Gson is provided. When Gson is on the classpath a Gson bean is
automatically configured. Several spring.gson.* configuration properties are
provided for customizing the configuration. To take more control, one or more
GsonBuilderCustomizer beans can be used.

27.3 JSON-B

Auto-configuration for JSON-B is provided. When the JSON-B API and an implementation are
on the classpath a Jsonb bean will be automatically configured. The preferred JSON-B
implementation is Apache Johnzon for which dependency management is provided.

28. Developing Web Applications

Spring Boot is well suited for web application development. You can create a
self-contained HTTP server by using embedded Tomcat, Jetty, Undertow, or Netty. Most web
applications use the spring-boot-starter-web module to get up and running quickly. You
can also choose to build reactive web applications by using the
spring-boot-starter-webflux module.

If you have not yet developed a Spring Boot web application, you can follow the
"Hello World!" example in the
Getting started section.

Spring MVC is part of the core Spring Framework, and detailed information is available in
the reference documentation. There are also several
guides that cover Spring MVC available at spring.io/guides.

28.1.1 Spring MVC Auto-configuration

Spring Boot provides auto-configuration for Spring MVC that works well with most
applications.

The auto-configuration adds the following features on top of Spring’s defaults:

Inclusion of ContentNegotiatingViewResolver and BeanNameViewResolver beans.

If you want to keep Spring Boot MVC features and you want to add additional
MVC configuration (interceptors, formatters, view
controllers, and other features), you can add your own @Configuration class of type
WebMvcConfigurer but without@EnableWebMvc. If you wish to provide custom
instances of RequestMappingHandlerMapping, RequestMappingHandlerAdapter, or
ExceptionHandlerExceptionResolver, you can declare a WebMvcRegistrationsAdapter
instance to provide such components.

If you want to take complete control of Spring MVC, you can add your own @Configuration
annotated with @EnableWebMvc.

28.1.2 HttpMessageConverters

Spring MVC uses the HttpMessageConverter interface to convert HTTP requests and
responses. Sensible defaults are included out of the box. For example, objects can be
automatically converted to JSON (by using the Jackson library) or XML (by using the
Jackson XML extension, if available, or by using JAXB if the Jackson XML extension is not
available). By default, strings are encoded in UTF-8.

If you need to add or customize converters, you can use Spring Boot’s
HttpMessageConverters class, as shown in the following listing:

Any HttpMessageConverter bean that is present in the context is added to the list of
converters. You can also override default converters in the same way.

28.1.3 Custom JSON Serializers and Deserializers

If you use Jackson to serialize and deserialize JSON data, you might want to write your
own JsonSerializer and JsonDeserializer classes. Custom serializers are usually
registered with Jackson through
a module, but Spring Boot provides an alternative @JsonComponent annotation that makes
it easier to directly register Spring Beans.

You can use the @JsonComponent annotation directly on JsonSerializer or
JsonDeserializer implementations. You can also use it on classes that contain
serializers/deserializers as inner classes, as shown in the following example:

28.1.4 MessageCodesResolver

Spring MVC has a strategy for generating error codes for rendering error messages from
binding errors: MessageCodesResolver. If you set the
spring.mvc.message-codes-resolver.format property PREFIX_ERROR_CODE or
POSTFIX_ERROR_CODE, Spring Boot creates one for you (see the enumeration in
DefaultMessageCodesResolver.Format).

28.1.5 Static Content

By default, Spring Boot serves static content from a directory called /static (or
/public or /resources or /META-INF/resources) in the classpath or from the root of
the ServletContext. It uses the ResourceHttpRequestHandler from Spring MVC so that
you can modify that behavior by adding your own WebMvcConfigurer and overriding the
addResourceHandlers method.

In a stand-alone web application, the default servlet from the container is also enabled
and acts as a fallback, serving content from the root of the ServletContext if Spring
decides not to handle it. Most of the time, this does not happen (unless you modify the
default MVC configuration), because Spring can always handle requests through the
DispatcherServlet.

By default, resources are mapped on /**, but you can tune that with the
spring.mvc.static-path-pattern property. For instance, relocating all resources to
/resources/** can be achieved as follows:

spring.mvc.static-path-pattern=/resources/**

You can also customize the static resource locations by using the
spring.resources.static-locations property (replacing the default values with a list of
directory locations). The root Servlet context path, "/", is automatically added as a
location as well.

In addition to the “standard” static resource locations mentioned earlier, a special
case is made for Webjars content. Any resources with a path in
/webjars/** are served from jar files if they are packaged in the Webjars format.

Tip

Do not use the src/main/webapp directory if your application is packaged as a jar.
Although this directory is a common standard, it works only with war packaging, and it
is silently ignored by most build tools if you generate a jar.

Spring Boot also supports the advanced resource handling features provided by Spring MVC,
allowing use cases such as cache-busting static resources or using version agnostic URLs
for Webjars.

To use version agnostic URLs for Webjars, add the webjars-locator-core dependency.
Then declare your Webjar. Using jQuery as an example, adding
"/webjars/jquery/jquery.min.js" results in
"/webjars/jquery/x.y.z/jquery.min.js". where x.y.z is the Webjar version.

Note

If you use JBoss, you need to declare the webjars-locator-jboss-vfs
dependency instead of the webjars-locator-core. Otherwise, all Webjars resolve as a
404.

To use cache busting, the following configuration configures a cache busting solution for
all static resources, effectively adding a content hash, such as
<link href="/css/spring-2a2d595e6ed9a0b24f027f2b63b134d6.css"/>, in URLs:

Links to resources are rewritten in templates at runtime, thanks to a
ResourceUrlEncodingFilter that is auto-configured for Thymeleaf and FreeMarker. You
should manually declare this filter when using JSPs. Other template engines are currently
not automatically supported but can be with custom template macros/helpers and the use of
the
ResourceUrlProvider.

When loading resources dynamically with, for example, a JavaScript module loader,
renaming files is not an option. That is why other strategies are also supported and can
be combined. A "fixed" strategy adds a static version string in the URL without changing
the file name, as shown in the following example:

With this configuration, JavaScript modules located under "/js/lib/" use a fixed
versioning strategy ("/v12/js/lib/mymodule.js"), while other resources still use the
content one (<link href="/css/spring-2a2d595e6ed9a0b24f027f2b63b134d6.css"/>).

28.1.6 Welcome Page

Spring Boot supports both static and templated welcome pages. It first looks for an
index.html file in the configured static content locations. If one is not found, it
then looks for an index template. If either is found, it is automatically used as the
welcome page of the application.

28.1.7 Custom Favicon

Spring Boot looks for a favicon.ico in the configured static content locations and the
root of the classpath (in that order). If such a file is present, it is automatically
used as the favicon of the application.

28.1.8 Path Matching and Content Negotiation

Spring MVC can map incoming HTTP requests to handlers by looking at the request path and
matching it to the mappings defined in your application (for example, @GetMapping
annotations on Controller methods).

Spring Boot chooses to disable suffix pattern matching by default, which means that
requests like "GET /projects/spring-boot.json" won’t be matched to
@GetMapping("/projects/spring-boot") mappings.
This is considered as a
best practice
for Spring MVC applications. This feature was mainly useful in the past for HTTP
clients which did not send proper "Accept" request headers; we needed to make sure
to send the correct Content Type to the client. Nowadays, Content Negotiation
is much more reliable.

There are other ways to deal with HTTP clients that don’t consistently send proper
"Accept" request headers. Instead of using suffix matching, we can use a query
parameter to ensure that requests like "GET /projects/spring-boot?format=json"
will be mapped to @GetMapping("/projects/spring-boot"):

spring.mvc.contentnegotiation.favor-parameter=true
# We can change the parameter name, which is "format" by default:# spring.mvc.contentnegotiation.parameter-name=myparam# We can also register additional file extensions/media types with:spring.mvc.contentnegotiation.media-types.markdown=text/markdown

If you understand the caveats and would still like your application to use
suffix pattern matching, the following configuration is required:

28.1.9 ConfigurableWebBindingInitializer

Spring MVC uses a WebBindingInitializer to initialize a WebDataBinder for a
particular request. If you create your own ConfigurableWebBindingInitializer@Bean,
Spring Boot automatically configures Spring MVC to use it.

28.1.10 Template Engines

As well as REST web services, you can also use Spring MVC to serve dynamic HTML content.
Spring MVC supports a variety of templating technologies, including Thymeleaf,
FreeMarker, and JSPs. Also, many other templating engines include their own Spring MVC
integrations.

Spring Boot includes auto-configuration support for the following templating engines:

If possible, JSPs should be avoided. There are several
known limitations when using them with embedded
servlet containers.

When you use one of these templating engines with the default configuration, your
templates are picked up automatically from src/main/resources/templates.

Tip

Depending on how you run your application, IntelliJ IDEA orders the classpath
differently. Running your application in the IDE from its main method results in a
different ordering than when you run your application by using Maven or Gradle or from
its packaged jar. This can cause Spring Boot to fail to find the templates on the
classpath. If you have this problem, you can reorder the classpath in the IDE to place
the module’s classes and resources first. Alternatively, you can configure the template
prefix to search every templates directory on the classpath, as follows:
classpath*:/templates/.

28.1.11 Error Handling

By default, Spring Boot provides an /error mapping that handles all errors in a
sensible way, and it is registered as a “global” error page in the servlet container.
For machine clients, it produces a JSON response with details of the error, the HTTP
status, and the exception message. For browser clients, there is a “whitelabel” error
view that renders the same data in HTML format (to customize it, add a View that
resolves to error). To replace the default behavior completely, you can implement
ErrorController and register a bean definition of that type or add a bean of type
ErrorAttributes to use the existing mechanism but replace the contents.

Tip

The BasicErrorController can be used as a base class for a custom
ErrorController. This is particularly useful if you want to add a handler for a new
content type (the default is to handle text/html specifically and provide a fallback
for everything else). To do so, extend BasicErrorController, add a public method with a
@RequestMapping that has a produces attribute, and create a bean of your new type.

You can also define a class annotated with @ControllerAdvice to customize the JSON
document to return for a particular controller and/or exception type, as shown in the
following example:

In the preceding example, if YourException is thrown by a controller defined in the
same package as AcmeController, a JSON representation of the CustomErrorType POJO is
used instead of the ErrorAttributes representation.

Custom Error Pages

If you want to display a custom HTML error page for a given status code, you can add a
file to an /error folder. Error pages can either be static HTML (that is, added under
any of the static resource folders) or be built by using templates. The name of the file
should be the exact status code or a series mask.

For example, to map 404 to a static HTML file, your folder structure would be as
follows:

Mapping Error Pages outside of Spring MVC

For applications that do not use Spring MVC, you can use the ErrorPageRegistrar
interface to directly register ErrorPages. This abstraction works directly with the
underlying embedded servlet container and works even if you do not have a Spring MVC
DispatcherServlet.

If you register an ErrorPage with a path that ends up being handled by a Filter
(as is common with some non-Spring web frameworks, like Jersey and Wicket), then the
Filter has to be explicitly registered as an ERROR dispatcher, as shown in the
following example:

Note that the default FilterRegistrationBean does not include the ERROR dispatcher
type.

CAUTION:When deployed to a servlet container, Spring Boot uses its error page filter to
forward a request with an error status to the appropriate error page. The request can only
be forwarded to the correct error page if the response has not already been committed. By
default, WebSphere Application Server 8.0 and later commits the response upon successful
completion of a servlet’s service method. You should disable this behavior by setting
com.ibm.ws.webcontainer.invokeFlushAfterService to false.

28.1.12 Spring HATEOAS

If you develop a RESTful API that makes use of hypermedia, Spring Boot provides
auto-configuration for Spring HATEOAS that works well with most applications. The
auto-configuration replaces the need to use @EnableHypermediaSupport and registers a
number of beans to ease building hypermedia-based applications, including a
LinkDiscoverers (for client side support) and an ObjectMapper configured to correctly
marshal responses into the desired representation. The ObjectMapper is customized by
setting the various spring.jackson.* properties or, if one exists, by a
Jackson2ObjectMapperBuilder bean.

You can take control of Spring HATEOAS’s configuration by using
@EnableHypermediaSupport. Note that doing so disables the ObjectMapper customization
described earlier.

28.2 The “Spring WebFlux Framework”

Spring WebFlux is the new reactive web framework introduced in Spring Framework 5.0.
Unlike Spring MVC, it does not require the Servlet API, is fully asynchronous and
non-blocking, and implements the Reactive Streams
specification through the Reactor project.

Spring WebFlux comes in two flavors: functional and annotation-based. The
annotation-based one is quite close to the Spring MVC model, as shown in the
following example:

You can define as many RouterFunction beans as you like to modularize the
definition of the router. Beans can be ordered if you need to apply a precedence.

To get started, add the spring-boot-starter-webflux module to your application.

Note

Adding both spring-boot-starter-web and spring-boot-starter-webflux modules in
your application results in Spring Boot auto-configuring Spring MVC, not WebFlux. This
behavior has been chosen because many Spring developers add spring-boot-starter-webflux
to their Spring MVC application to use the reactive WebClient. You can still enforce
your choice by setting the chosen application type to
SpringApplication.setWebApplicationType(WebApplicationType.REACTIVE).

28.2.1 Spring WebFlux Auto-configuration

Spring Boot provides auto-configuration for Spring WebFlux that works well with most
applications.

The auto-configuration adds the following features on top of Spring’s defaults:

If you want to keep Spring Boot WebFlux features and you want to add additional
WebFlux configuration, you can add your own
@Configuration class of type WebFluxConfigurer but without@EnableWebFlux.

If you want to take complete control of Spring WebFlux, you can add your own
@Configuration annotated with @EnableWebFlux.

28.2.2 HTTP Codecs with HttpMessageReaders and HttpMessageWriters

Spring WebFlux uses the HttpMessageReader and HttpMessageWriter interfaces to convert
HTTP requests and responses. They are configured with CodecConfigurer to have sensible
defaults by looking at the libraries available in your classpath.

Spring Boot applies further customization by using CodecCustomizer instances. For
example, spring.jackson.* configuration keys are applied to the Jackson codec.

If you need to add or customize codecs, you can create a custom CodecCustomizer
component, as shown in the following example:

28.2.3 Static Content

By default, Spring Boot serves static content from a directory called /static (or
/public or /resources or /META-INF/resources) in the classpath. It uses the
ResourceWebHandler from Spring WebFlux so that you can modify that behavior by adding
your own WebFluxConfigurer and overriding the addResourceHandlers method.

By default, resources are mapped on /**, but you can tune that by setting the
spring.webflux.static-path-pattern property. For instance, relocating all resources to
/resources/** can be achieved as follows:

spring.webflux.static-path-pattern=/resources/**

You can also customize the static resource locations by using
spring.resources.static-locations. Doing so replaces the default values with a list of
directory locations. If you do so, the default welcome page detection switches to your
custom locations. So, if there is an index.html in any of your locations on startup, it
is the home page of the application.

In addition to the “standard” static resource locations listed earlier, a special case
is made for Webjars content. Any resources with a path in
/webjars/** are served from jar files if they are packaged in the Webjars format.

Tip

Spring WebFlux applications do not strictly depend on the Servlet API, so they
cannot be deployed as war files and do not use the src/main/webapp directory.

28.2.4 Template Engines

As well as REST web services, you can also use Spring WebFlux to serve dynamic HTML
content. Spring WebFlux supports a variety of templating technologies, including
Thymeleaf, FreeMarker, and Mustache.

Spring Boot includes auto-configuration support for the following templating engines:

When you use one of these templating engines with the default configuration, your
templates are picked up automatically from src/main/resources/templates.

28.2.5 Error Handling

Spring Boot provides a WebExceptionHandler that handles all errors in a sensible way.
Its position in the processing order is immediately before the handlers provided by
WebFlux, which are considered last. For machine clients, it produces a JSON response
with details of the error, the HTTP status, and the exception message. For browser
clients, there is a “whitelabel” error handler that renders the same data in HTML
format. You can also provide your own HTML templates to display errors (see the
next section).

The first step to customizing this feature often involves using the existing mechanism
but replacing or augmenting the error contents. For that, you can add a bean of type
ErrorAttributes.

To change the error handling behavior, you can implement ErrorWebExceptionHandler and
register a bean definition of that type. Because a WebExceptionHandler is quite
low-level, Spring Boot also provides a convenient AbstractErrorWebExceptionHandler to
let you handle errors in a WebFlux functional way, as shown in the following example:

For a more complete picture, you can also subclass DefaultErrorWebExceptionHandler
directly and override specific methods.

Custom Error Pages

If you want to display a custom HTML error page for a given status code, you can add a
file to an /error folder. Error pages can either be static HTML (that is, added under
any of the static resource folders) or built with templates. The name of the file should
be the exact status code or a series mask.

For example, to map 404 to a static HTML file, your folder structure would be as
follows:

28.2.6 Web Filters

Spring WebFlux provides a WebFilter interface that can be implemented to filter HTTP
request-response exchanges. WebFilter beans found in the application context will
be automatically used to filter each exchange.

Where the order of the filters is important they can implement Ordered or be annotated
with @Order. Spring Boot auto-configuration may configure web filters for you. When it
does so, the orders shown in the following table will be used:

Web Filter

Order

MetricsWebFilter

Ordered.HIGHEST_PRECEDENCE + 1

WebFilterChainProxy (Spring Security)

-100

HttpTraceWebFilter

Ordered.LOWEST_PRECEDENCE - 10

28.3 JAX-RS and Jersey

If you prefer the JAX-RS programming model for REST endpoints, you can use one of the
available implementations instead of Spring MVC. Jersey and
Apache CXF work quite well out of the box. CXF requires you to
register its Servlet or Filter as a @Bean in your application context. Jersey has
some native Spring support, so we also provide auto-configuration support for it in
Spring Boot, together with a starter.

To get started with Jersey, include the spring-boot-starter-jersey as a dependency
and then you need one @Bean of type ResourceConfig in which you register all the
endpoints, as shown in the following example:

Jersey’s support for scanning executable archives is rather limited. For
example, it cannot scan for endpoints in a package found in WEB-INF/classes when
running an executable war file. To avoid this limitation, the packages method should
not be used, and endpoints should be registered individually by using the register
method, as shown in the preceding example.

For more advanced customizations, you can also register an arbitrary number of beans that
implement ResourceConfigCustomizer.

All the registered endpoints should be @Components with HTTP resource annotations
(@GET and others), as shown in the following example:

Since the Endpoint is a Spring @Component, its lifecycle is managed by Spring and you
can use the @Autowired annotation to inject dependencies and use the @Value
annotation to inject external configuration. By default, the Jersey servlet is registered
and mapped to /*. You can change the mapping by adding @ApplicationPath to your
ResourceConfig.

By default, Jersey is set up as a Servlet in a @Bean of type ServletRegistrationBean
named jerseyServletRegistration. By default, the servlet is initialized lazily, but you
can customize that behavior by setting spring.jersey.servlet.load-on-startup. You can
disable or override that bean by creating one of your own with the same name. You can
also use a filter instead of a servlet by setting spring.jersey.type=filter (in which
case, the @Bean to replace or override is jerseyFilterRegistration). The filter has
an @Order, which you can set with spring.jersey.filter.order. Both the servlet and
the filter registrations can be given init parameters by using spring.jersey.init.* to
specify a map of properties.

28.4 Embedded Servlet Container Support

Spring Boot includes support for embedded Tomcat,
Jetty, and Undertow servers. Most
developers use the appropriate “Starter” to obtain a fully configured instance. By
default, the embedded server listens for HTTP requests on port 8080.

Warning

If you choose to use Tomcat on CentOS, be aware that, by
default, a temporary directory is used to store compiled JSPs, file uploads, and so on.
This directory may be deleted by tmpwatch while your application is running, leading to
failures. To avoid this behavior, you may want to customize your tmpwatch configuration
such that tomcat.* directories are not deleted or configure server.tomcat.basedir such
that embedded Tomcat uses a different location.

28.4.1 Servlets, Filters, and listeners

When using an embedded servlet container, you can register servlets, filters, and all the
listeners (such as HttpSessionListener) from the Servlet spec, either by using Spring
beans or by scanning for Servlet components.

Registering Servlets, Filters, and Listeners as Spring Beans

Any Servlet, Filter, or servlet *Listener instance that is a Spring bean is
registered with the embedded container. This can be particularly convenient if you want
to refer to a value from your application.properties during configuration.

By default, if the context contains only a single Servlet, it is mapped to /. In the
case of multiple servlet beans, the bean name is used as a path prefix. Filters map to
/*.

If convention-based mapping is not flexible enough, you can use the
ServletRegistrationBean, FilterRegistrationBean, and
ServletListenerRegistrationBean classes for complete control.

Spring Boot ships with many auto-configurations that may define Filter beans. Here are a
few examples of Filters and their respective order (lower order value means higher
precedence):

Servlet Filter

Order

OrderedCharacterEncodingFilter

Ordered.HIGHEST_PRECEDENCE

WebMvcMetricsFilter

Ordered.HIGHEST_PRECEDENCE + 1

ErrorPageFilter

Ordered.HIGHEST_PRECEDENCE + 1

HttpTraceFilter

Ordered.LOWEST_PRECEDENCE - 10

It is usually safe to leave Filter beans unordered.

If a specific order is required, you should avoid configuring a Filter that reads the
request body at Ordered.HIGHEST_PRECEDENCE, since it might go against the character
encoding configuration of your application. If a Servlet filter wraps the request, it
should be configured with an order that is less than or equal to
OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER.

28.4.2 Servlet Context Initialization

Embedded servlet containers do not directly execute the Servlet 3.0+
javax.servlet.ServletContainerInitializer interface or Spring’s
org.springframework.web.WebApplicationInitializer interface. This is an intentional
design decision intended to reduce the risk that third party libraries designed to run
inside a war may break Spring Boot applications.

If you need to perform servlet context initialization in a Spring Boot application, you
should register a bean that implements the
org.springframework.boot.web.servlet.ServletContextInitializer interface. The
single onStartup method provides access to the ServletContext and, if necessary, can
easily be used as an adapter to an existing WebApplicationInitializer.

Scanning for Servlets, Filters, and listeners

When using an embedded container, automatic registration of classes annotated with
@WebServlet, @WebFilter, and @WebListener can be enabled by using
@ServletComponentScan.

Tip

@ServletComponentScan has no effect in a standalone container, where the
container’s built-in discovery mechanisms are used instead.

28.4.3 The ServletWebServerApplicationContext

Under the hood, Spring Boot uses a different type of ApplicationContext for embedded
servlet container support. The ServletWebServerApplicationContext is a special type of
WebApplicationContext that bootstraps itself by searching for a single
ServletWebServerFactory bean. Usually a TomcatServletWebServerFactory,
JettyServletWebServerFactory, or UndertowServletWebServerFactory
has been auto-configured.

Note

You usually do not need to be aware of these implementation classes. Most
applications are auto-configured, and the appropriate ApplicationContext and
ServletWebServerFactory are created on your behalf.

28.4.4 Customizing Embedded Servlet Containers

Common servlet container settings can be configured by using Spring Environment
properties. Usually, you would define the properties in your application.properties
file.

Spring Boot tries as much as possible to expose common settings, but this is not always
possible. For those cases, dedicated namespaces offer server-specific customizations (see
server.tomcat and server.undertow). For instance,
access logs can be configured with specific
features of the embedded servlet container.

Programmatic Customization

If you need to programmatically configure your embedded servlet container, you can
register a Spring bean that implements the WebServerFactoryCustomizer interface.
WebServerFactoryCustomizer provides access to the
ConfigurableServletWebServerFactory, which includes numerous customization setter
methods. The following example shows programmatically setting the port:

TomcatServletWebServerFactory, JettyServletWebServerFactory and UndertowServletWebServerFactory
are dedicated variants of ConfigurableServletWebServerFactory that have additional customization setter methods
for Tomcat, Jetty and Undertow respectively.

Customizing ConfigurableServletWebServerFactory Directly

If the preceding customization techniques are too limited, you can register the
TomcatServletWebServerFactory, JettyServletWebServerFactory, or
UndertowServletWebServerFactory bean yourself.

Setters are provided for many configuration options. Several protected method “hooks”
are also provided should you need to do something more exotic. See the
source
code documentation for details.

28.4.5 JSP Limitations

When running a Spring Boot application that uses an embedded servlet container (and is
packaged as an executable archive), there are some limitations in the JSP support.

With Jetty and Tomcat, it should work if you use war packaging. An executable war will
work when launched with java -jar, and will also be deployable to any standard
container. JSPs are not supported when using an executable jar.

28.5 Embedded Reactive Server Support

Spring Boot includes support for the following embedded reactive web servers:
Reactor Netty, Tomcat, Jetty, and Undertow. Most developers use the appropriate “Starter”
to obtain a fully configured instance. By default, the embedded server listens for HTTP
requests on port 8080.

28.6 Reactive Server Resources Configuration

When auto-configuring a Reactor Netty or Jetty server, Spring Boot will create specific
beans that will provide HTTP resources to the server instance: ReactorResourceFactory
or JettyResourceFactory.

By default, those resources will be also shared with the Reactor Netty and Jetty clients
for optimal performances, given:

the same technology is used for server and client

the client instance is built using the WebClient.Builder bean auto-configured by
Spring Boot

Developers can override the resource configuration for Jetty and Reactor Netty by providing
a custom ReactorResourceFactory or JettyResourceFactory bean - this will be applied to
both clients and servers.

29. Security

If Spring Security is on the classpath, then web applications are
secured by default. Spring Boot relies on Spring Security’s content-negotiation strategy
to determine whether to use httpBasic or formLogin. To add method-level security to a
web application, you can also add @EnableGlobalMethodSecurity with your desired
settings. Additional information can be found in the
Spring Security Reference Guide.

The default UserDetailsService has a single user. The user name is user, and the
password is random and is printed at INFO level when the application starts, as shown in
the following example:

If you fine-tune your logging configuration, ensure that the
org.springframework.boot.autoconfigure.security category is set to log INFO-level
messages. Otherwise, the default password is not printed.

You can change the username and password by providing a spring.security.user.name and
spring.security.user.password.

The basic features you get by default in a web application are:

A UserDetailsService (or ReactiveUserDetailsService in case of a WebFlux application)
bean with in-memory store and a single user with a generated password (see
SecurityProperties.User
for the properties of the user).

Form-based login or HTTP Basic security (depending on Content-Type) for the entire
application (including actuator endpoints if actuator is on the classpath).

A DefaultAuthenticationEventPublisher for publishing authentication events.

You can provide a different AuthenticationEventPublisher by adding a bean for it.

29.1 MVC Security

The default security configuration is implemented in SecurityAutoConfiguration and
UserDetailsServiceAutoConfiguration. SecurityAutoConfiguration imports
SpringBootWebSecurityConfiguration for web security and
UserDetailsServiceAutoConfiguration configures authentication, which is also
relevant in non-web applications. To switch off the default web application security
configuration completely, you can add a bean of type WebSecurityConfigurerAdapter (doing
so does not disable the UserDetailsService configuration or Actuator’s security).

To also switch off the UserDetailsService configuration, you can add a bean of type
UserDetailsService, AuthenticationProvider, or AuthenticationManager.
There are several secure applications in the Spring
Boot samples to get you started with common use cases.

Access rules can be overridden by adding a custom WebSecurityConfigurerAdapter. Spring
Boot provides convenience methods that can be used to override access rules for actuator
endpoints and static resources. EndpointRequest can be used to create a RequestMatcher
that is based on the management.endpoints.web.base-path property.
PathRequest can be used to create a RequestMatcher for resources in
commonly used locations.

29.2 WebFlux Security

Similar to Spring MVC applications, you can secure your WebFlux applications by adding
the spring-boot-starter-security dependency. The default security configuration is
implemented in ReactiveSecurityAutoConfiguration and
UserDetailsServiceAutoConfiguration. ReactiveSecurityAutoConfiguration imports
WebFluxSecurityConfiguration for web security and UserDetailsServiceAutoConfiguration
configures authentication, which is also relevant in non-web applications. To switch off the default web application security
configuration completely, you can add a bean of type WebFilterChainProxy (doing so does
not disable the UserDetailsService configuration or Actuator’s security).

To also switch off the UserDetailsService configuration, you can add a bean of type
ReactiveUserDetailsService or ReactiveAuthenticationManager.

Access rules can be configured by adding a custom SecurityWebFilterChain. Spring
Boot provides convenience methods that can be used to override access rules for actuator
endpoints and static resources. EndpointRequest can be used to create a
ServerWebExchangeMatcher that is based on the management.endpoints.web.base-path
property.

PathRequest can be used to create a ServerWebExchangeMatcher for resources in
commonly used locations.

For example, you can customize your security configuration by adding something like:

29.3 OAuth2

OAuth2 is a widely used authorization framework that is supported by
Spring.

29.3.1 Client

If you have spring-security-oauth2-client on your classpath, you can take advantage of
some auto-configuration to make it easy to set up an OAuth2/Open ID Connect clients. This configuration
makes use of the properties under OAuth2ClientProperties. The same properties are applicable to both servlet and reactive applications.

You can register multiple OAuth2 clients and providers under the
spring.security.oauth2.client prefix, as shown in the following example:

For OpenID Connect providers that support OpenID Connect discovery,
the configuration can be further simplified. The provider needs to be configured with an issuer-uri which is the
URI that the it asserts as its Issuer Identifier. For example, if the
issuer-uri provided is "https://example.com", then an OpenID Provider Configuration Request
will be made to "https://example.com/.well-known/openid-configuration". The result is expected
to be an OpenID Provider Configuration Response. The following example shows how an OpenID Connect
Provider can be configured with the issuer-uri:

By default, Spring Security’s OAuth2LoginAuthenticationFilter only processes URLs
matching /login/oauth2/code/*. If you want to customize the redirect-uri to
use a different pattern, you need to provide configuration to process that custom pattern.
For example, for servlet applications, you can add your own WebSecurityConfigurerAdapter that resembles the
following:

OAuth2 client registration for common providers

For common OAuth2 and OpenID providers, including Google, Github, Facebook, and Okta,
we provide a set of provider defaults (google, github, facebook, and okta,
respectively).

If you do not need to customize these providers, you can set the provider attribute to
the one for which you need to infer defaults. Also, if the key for the client registration matches a
default supported provider, Spring Boot infers that as well.

In other words, the two configurations in the following example use the Google provider:

29.3.2 Resource Server

If you have spring-security-oauth2-resource-server on your classpath, Spring Boot can
set up an OAuth2 Resource Server as long as a JWK Set URI or OIDC Issuer URI is specified,
as shown in the following examples:

The same properties are applicable for both servlet and reactive applications.

Alternatively, you can define your own JwtDecoder bean for servlet applications
or a ReactiveJwtDecoder for reactive applications.

29.3.3 Authorization Server

Currently, Spring Security does not provide support for implementing an OAuth 2.0
Authorization Server. However, this functionality is available from
the Spring Security OAuth project,
which will eventually be superseded by Spring Security completely. Until then, you can
use the spring-security-oauth2-autoconfigure module to easily set up an OAuth 2.0 authorization server;
see its documentation for instructions.

29.4 Actuator Security

For security purposes, all actuators other than /health and /info are disabled by
default. The management.endpoints.web.exposure.include property can be used to enable
the actuators.

If Spring Security is on the classpath and no other WebSecurityConfigurerAdapter is
present, all actuators other than /health and /info are secured by Spring Boot
auto-configuration. If you define a custom WebSecurityConfigurerAdapter, Spring Boot
auto-configuration will back off and you will be in full control of actuator access rules.

Note

Before setting the management.endpoints.web.exposure.include, ensure that the
exposed actuators do not contain sensitive information and/or are secured by placing them
behind a firewall or by something like Spring Security.

29.4.1 Cross Site Request Forgery Protection

Since Spring Boot relies on Spring Security’s defaults, CSRF protection is turned on by
default. This means that the actuator endpoints that require a POST (shutdown and
loggers endpoints), PUT or DELETE will get a 403 forbidden error when the default
security configuration is in use.

Note

We recommend disabling CSRF protection completely only if you are creating a service
that is used by non-browser clients.

30. Working with SQL Databases

The Spring Framework provides extensive support for working with SQL
databases, from direct JDBC access using JdbcTemplate to complete “object relational
mapping” technologies such as Hibernate. Spring Data provides an
additional level of functionality: creating Repository implementations directly from
interfaces and using conventions to generate queries from your method names.

30.1 Configure a DataSource

Java’s javax.sql.DataSource interface provides a standard method of working with
database connections. Traditionally, a 'DataSource' uses a URL along with some
credentials to establish a database connection.

Tip

See the “How-to” section for more
advanced examples, typically to take full control over the configuration of the
DataSource.

30.1.1 Embedded Database Support

It is often convenient to develop applications by using an in-memory embedded database.
Obviously, in-memory databases do not provide persistent storage. You need to populate
your database when your application starts and be prepared to throw away data when your
application ends.

Spring Boot can auto-configure embedded H2,
HSQL, and Derby databases. You need not
provide any connection URLs. You need only include a build dependency to the embedded
database that you want to use.

Note

If you are using this feature in your tests, you may notice that the same database is
reused by your whole test suite regardless of the number of application contexts that you
use. If you want to make sure that each context has a separate embedded database, you
should set spring.datasource.generate-unique-name to true.

You need a dependency on spring-jdbc for an embedded database to be
auto-configured. In this example, it is pulled in transitively through
spring-boot-starter-data-jpa.

Tip

If, for whatever reason, you do configure the connection URL for an embedded
database, take care to ensure that the database’s automatic shutdown is disabled. If you
use H2, you should use DB_CLOSE_ON_EXIT=FALSE to do so. If you use HSQLDB, you should
ensure that shutdown=true is not used. Disabling the database’s automatic shutdown lets
Spring Boot control when the database is closed, thereby ensuring that it happens once
access to the database is no longer needed.

30.1.2 Connection to a Production Database

Production database connections can also be auto-configured by using a pooling
DataSource. Spring Boot uses the following algorithm for choosing a specific
implementation:

We prefer HikariCP for its performance and
concurrency. If HikariCP is available, we always choose it.

Otherwise, if the Tomcat pooling DataSource is available, we use it.

If neither HikariCP nor the Tomcat pooling datasource are available and if
Commons DBCP2 is available, we use it.

If you use the spring-boot-starter-jdbc or spring-boot-starter-data-jpa “starters”,
you automatically get a dependency to HikariCP.

Note

You can bypass that algorithm completely and specify the connection pool to use by
setting the spring.datasource.type property. This is especially important if you run
your application in a Tomcat container, as tomcat-jdbc is provided by default.

Tip

Additional connection pools can always be configured manually. If you define your
own DataSource bean, auto-configuration does not occur.

DataSource configuration is controlled by external configuration properties in
spring.datasource.*. For example, you might declare the following section in
application.properties:

You should at least specify the URL by setting the spring.datasource.url
property. Otherwise, Spring Boot tries to auto-configure an embedded database.

Tip

You often do not need to specify the driver-class-name, since Spring Boot can
deduce it for most databases from the url.

Note

For a pooling DataSource to be created, we need to be able to verify that a valid
Driver class is available, so we check for that before doing anything. In other words,
if you set spring.datasource.driver-class-name=com.mysql.jdbc.Driver, then that class
has to be loadable.

See
DataSourceProperties
for more of the supported options. These are the standard options that work regardless of
the actual implementation. It is also possible to fine-tune implementation-specific
settings by using their respective prefix (spring.datasource.hikari.*,
spring.datasource.tomcat.*, and spring.datasource.dbcp2.*). Refer to the
documentation of the connection pool implementation you are using for more details.

For instance, if you use the
Tomcat
connection pool, you could customize many additional settings, as shown in the following
example:

# Number of ms to wait before throwing an exception if no connection is available.spring.datasource.tomcat.max-wait=10000
# Maximum number of active connections that can be allocated from this pool at the same time.spring.datasource.tomcat.max-active=50
# Validate the connection before borrowing it from the pool.spring.datasource.tomcat.test-on-borrow=true

30.1.3 Connection to a JNDI DataSource

If you deploy your Spring Boot application to an Application Server, you might want to
configure and manage your DataSource by using your Application Server’s built-in features
and access it by using JNDI.

The spring.datasource.jndi-name property can be used as an alternative to the
spring.datasource.url, spring.datasource.username, and spring.datasource.password
properties to access the DataSource from a specific JNDI location. For example, the
following section in application.properties shows how you can access a JBoss AS defined
DataSource:

spring.datasource.jndi-name=java:jboss/datasources/customers

30.2 Using JdbcTemplate

Spring’s JdbcTemplate and NamedParameterJdbcTemplate classes are auto-configured, and
you can @Autowire them directly into your own beans, as shown in the following example:

You can customize some properties of the template by using the spring.jdbc.template.*
properties, as shown in the following example:

spring.jdbc.template.max-rows=500

Note

The NamedParameterJdbcTemplate reuses the same JdbcTemplate instance behind the
scenes. If more than one JdbcTemplate is defined and no primary candidate exists, the
NamedParameterJdbcTemplate is not auto-configured.

30.3 JPA and Spring Data JPA

The Java Persistence API is a standard technology that lets you “map” objects to
relational databases. The spring-boot-starter-data-jpa POM provides a quick way to get
started. It provides the following key dependencies:

30.3.1 Entity Classes

Traditionally, JPA “Entity” classes are specified in a persistence.xml file. With
Spring Boot, this file is not necessary and “Entity Scanning” is used instead. By
default, all packages below your main configuration class (the one annotated with
@EnableAutoConfiguration or @SpringBootApplication) are searched.

Any classes annotated with @Entity, @Embeddable, or @MappedSuperclass are
considered. A typical entity class resembles the following example:

30.3.2 Spring Data JPA Repositories

Spring Data JPA repositories are interfaces that you can define to
access data. JPA queries are created automatically from your method names. For example, a
CityRepository interface might declare a findAllByState(String state) method to find
all the cities in a given state.

For more complex queries, you can annotate your method with Spring Data’s
Query annotation.

Spring Data repositories usually extend from the
Repository or
CrudRepository
interfaces. If you use auto-configuration, repositories are searched from the package
containing your main configuration class (the one annotated with
@EnableAutoConfiguration or @SpringBootApplication) down.

Spring Data JPA repositories support three different modes of bootstrapping: default,
deferred, and lazy. To enable deferred or lazy bootstrapping, set the
spring.data.jpa.repositories.bootstrap-mode to deferred or lazy respectively. When
using deferred or lazy bootstrapping, the auto-configured EntityManagerFactoryBuilder
will use the context’s async task executor, if any, as the bootstrap executor.

30.3.3 Creating and Dropping JPA Databases

By default, JPA databases are automatically created only if you use an embedded
database (H2, HSQL, or Derby). You can explicitly configure JPA settings by using
spring.jpa.* properties. For example, to create and drop tables you can add the
following line to your application.properties:

spring.jpa.hibernate.ddl-auto=create-drop

Note

Hibernate’s own internal property name for this (if you happen to remember it
better) is hibernate.hbm2ddl.auto. You can set it, along with other Hibernate native
properties, by using spring.jpa.properties.* (the prefix is stripped before adding
them to the entity manager). The following line shows an example of setting JPA
properties for Hibernate:

spring.jpa.properties.hibernate.globally_quoted_identifiers=true

The line in the preceding example passes a value of true for the
hibernate.globally_quoted_identifiers property to the Hibernate entity manager.

By default, the DDL execution (or validation) is deferred until the ApplicationContext
has started. There is also a spring.jpa.generate-ddl flag, but it is not used if
Hibernate auto-configuration is active, because the ddl-auto settings are more
fine-grained.

30.3.4 Open EntityManager in View

If you are running a web application, Spring Boot by default registers
OpenEntityManagerInViewInterceptor
to apply the “Open EntityManager in View” pattern, to allow for lazy loading in web
views. If you do not want this behavior, you should set spring.jpa.open-in-view to
false in your application.properties.

30.4 Spring Data JDBC

Spring Data includes repository support for JDBC and will automatically generate SQL for
the methods on CrudRepository. For more advanced queries, a @Query annotation is
provided.

Spring Boot will auto-configure Spring Data’s JDBC repositories when the necessary
dependencies are on the classpath. They can be added to your project with a single
dependency on spring-boot-starter-data-jdbc. If necessary, you can take control of
Spring Data JDBC’s configuration by adding the @EnableJdbcRepositories annotation or a
JdbcConfiguration subclass to your application.

If you are not using Spring Boot’s developer tools but would still like to make use
of H2’s console, you can configure the spring.h2.console.enabled property with a value
of true.

Note

The H2 console is only intended for use during development, so you should take
care to ensure that spring.h2.console.enabled is not set to true in production.

30.5.1 Changing the H2 Console’s Path

By default, the console is available at /h2-console. You can customize the console’s
path by using the spring.h2.console.path property.

30.6 Using jOOQ

Java Object Oriented Querying (jOOQ) is a popular product from
Data Geekery which generates Java code from your
database and lets you build type-safe SQL queries through its fluent API. Both the
commercial and open source editions can be used with Spring Boot.

30.6.1 Code Generation

In order to use jOOQ type-safe queries, you need to generate Java classes from your
database schema. You can follow the instructions in the
jOOQ user manual. If you use the
jooq-codegen-maven plugin and you also use the spring-boot-starter-parent
“parent POM”, you can safely omit the plugin’s <version> tag. You can also use Spring
Boot-defined version variables (such as h2.version) to declare the plugin’s database
dependency. The following listing shows an example:

30.6.2 Using DSLContext

The fluent API offered by jOOQ is initiated through the org.jooq.DSLContext interface.
Spring Boot auto-configures a DSLContext as a Spring Bean and connects it to your
application DataSource. To use the DSLContext, you can @Autowire it, as shown in
the following example:

30.6.3 jOOQ SQL Dialect

Unless the spring.jooq.sql-dialect property has been configured, Spring Boot determines
the SQL dialect to use for your datasource. If Spring Boot could not detect the dialect,
it uses DEFAULT.

Note

Spring Boot can only auto-configure dialects supported by the open source version
of jOOQ.

30.6.4 Customizing jOOQ

More advanced customizations can be achieved by defining your own @Bean definitions,
which is used when the jOOQ Configuration is created. You can define beans for the
following jOOQ Types:

ConnectionProvider

ExecutorProvider

TransactionProvider

RecordMapperProvider

RecordUnmapperProvider

RecordListenerProvider

ExecuteListenerProvider

VisitListenerProvider

TransactionListenerProvider

You can also create your own org.jooq.Configuration@Bean if you want to take
complete control of the jOOQ configuration.

31. Working with NoSQL Technologies

Spring Data provides additional projects that help you access a variety of NoSQL
technologies, including:
MongoDB,
Neo4J,
Elasticsearch,
Solr,
Redis,
Gemfire,
Cassandra,
Couchbase and
LDAP.
Spring Boot provides auto-configuration for Redis, MongoDB, Neo4j, Elasticsearch, Solr
Cassandra, Couchbase, and LDAP. You can make use of the other projects, but you must
configure them yourself. Refer to the appropriate reference documentation at
projects.spring.io/spring-data.

31.1 Redis

Redis is a cache, message broker, and richly-featured key-value store.
Spring Boot offers basic auto-configuration for the
Lettuce and
Jedis client libraries and the abstractions on top
of them provided by Spring Data
Redis.

There is a spring-boot-starter-data-redis “Starter” for collecting the dependencies
in a convenient way. By default, it uses
Lettuce. That starter handles both
traditional and reactive applications.

Tip

we also provide a spring-boot-starter-data-redis-reactive “Starter” for
consistency with the other stores with reactive support.

31.1.1 Connecting to Redis

You can inject an auto-configured RedisConnectionFactory, StringRedisTemplate, or
vanilla RedisTemplate instance as you would any other Spring Bean. By default, the
instance tries to connect to a Redis server at localhost:6379. The following listing
shows an example of such a bean:

You can also register an arbitrary number of beans that implement
LettuceClientConfigurationBuilderCustomizer for more advanced customizations. If you
use Jedis, JedisClientConfigurationBuilderCustomizer is also available.

If you add your own @Bean of any of the auto-configured types, it replaces the default
(except in the case of RedisTemplate, when the exclusion is based on the bean name,
redisTemplate, not its type). By default, if commons-pool2 is on the classpath, you
get a pooled connection factory.

31.2 MongoDB

MongoDB is an open-source NoSQL document database that uses a
JSON-like schema instead of traditional table-based relational data. Spring Boot offers
several conveniences for working with MongoDB, including the
spring-boot-starter-data-mongodb and spring-boot-starter-data-mongodb-reactive
“Starters”.

31.2.1 Connecting to a MongoDB Database

To access Mongo databases, you can inject an auto-configured
org.springframework.data.mongodb.MongoDbFactory. By default, the instance tries to
connect to a MongoDB server at mongodb://localhost/test The following example shows how
to connect to a MongoDB database:

Alternatively, as long as you use Mongo 2.x, you can specify a host/port. For
example, you might declare the following settings in your application.properties:

spring.data.mongodb.host=mongoserver
spring.data.mongodb.port=27017

If you have defined your own MongoClient, it will be used to auto-configure a suitable
MongoDbFactory. Both com.mongodb.MongoClient and com.mongodb.client.MongoClient
are supported.

Note

If you use the Mongo 3.0 Java driver, spring.data.mongodb.host and
spring.data.mongodb.port are not supported. In such cases, spring.data.mongodb.uri
should be used to provide all of the configuration.

Tip

If spring.data.mongodb.port is not specified, the default of 27017 is used. You
could delete this line from the example shown earlier.

Tip

If you do not use Spring Data Mongo, you can inject com.mongodb.MongoClient beans
instead of using MongoDbFactory. If you want to take complete control of establishing
the MongoDB connection, you can also declare your own MongoDbFactory or MongoClient
bean.

Note

If you are using the reactive driver, Netty is required for SSL. The
auto-configuration configures this factory automatically if Netty is available and the
factory to use hasn’t been customized already.

31.2.2 MongoTemplate

Spring Data MongoDB provides a
MongoTemplate class that is very
similar in its design to Spring’s JdbcTemplate. As with JdbcTemplate, Spring Boot
auto-configures a bean for you to inject the template, as follows:

31.2.3 Spring Data MongoDB Repositories

Spring Data includes repository support for MongoDB. As with the JPA repositories
discussed earlier, the basic principle is that queries are constructed automatically,
based on method names.

In fact, both Spring Data JPA and Spring Data MongoDB share the same common
infrastructure. You could take the JPA example from earlier and, assuming that City is
now a Mongo data class rather than a JPA @Entity, it works in the same way, as shown
in the following example:

You can customize document scanning locations by using the @EntityScan annotation.

Tip

For complete details of Spring Data MongoDB, including its rich object mapping
technologies, refer to its reference
documentation.

31.2.4 Embedded Mongo

Spring Boot offers auto-configuration for
Embedded Mongo. To use it in
your Spring Boot application, add a dependency on
de.flapdoodle.embed:de.flapdoodle.embed.mongo.

The port that Mongo listens on can be configured by setting the spring.data.mongodb.port
property. To use a randomly allocated free port, use a value of 0. The MongoClient
created by MongoAutoConfiguration is automatically configured to use the randomly
allocated port.

Note

If you do not configure a custom port, the embedded support uses a random port
(rather than 27017) by default.

If you have SLF4J on the classpath, the output produced by Mongo is automatically routed
to a logger named org.springframework.boot.autoconfigure.mongo.embedded.EmbeddedMongo.

You can declare your own IMongodConfig and IRuntimeConfig beans to take control of
the Mongo instance’s configuration and logging routing.

31.3 Neo4j

Neo4j is an open-source NoSQL graph database that uses a rich data
model of nodes connected by first class relationships, which is better suited for
connected big data than traditional RDBMS approaches. Spring Boot offers several
conveniences for working with Neo4j, including the spring-boot-starter-data-neo4j
“Starter”.

31.3.1 Connecting to a Neo4j Database

To access a Neo4j server, you can inject an auto-configured
org.neo4j.ogm.session.Session. By default, the instance tries to connect to a Neo4j
server at localhost:7687 using the Bolt protocol. The following example shows how to
inject a Neo4j Session:

You can take full control over the session creation by adding a
org.neo4j.ogm.config.Configuration@Bean. Also, adding a @Bean of type
SessionFactory disables the auto-configuration and gives you full control.

31.3.2 Using the Embedded Mode

If you add org.neo4j:neo4j-ogm-embedded-driver to the dependencies of your application,
Spring Boot automatically configures an in-process embedded instance of Neo4j that does
not persist any data when your application shuts down.

Note

As the embedded Neo4j OGM driver does not provide the Neo4j kernel itself, you have
to declare org.neo4j:neo4j as dependency yourself. Refer to
the
Neo4j OGM documentation for a list of compatible versions.

The embedded driver takes precedence over the other drivers when there are multiple
drivers on the classpath. You can explicitly disable the embedded mode by setting
spring.data.neo4j.embedded.enabled=false.

Data Neo4j Tests
automatically make use of an embedded Neo4j instance if the embedded driver and Neo4j
kernel are on the classpath as described above.

Note

You can enable persistence for the embedded mode by providing a path to a database file
in your configuration, e.g. spring.data.neo4j.uri=file://var/tmp/graph.db.

31.3.3 Neo4jSession

By default, if you are running a web application, the session is bound to the thread for
the entire processing of the request (that is, it uses the "Open Session in View"
pattern). If you do not want this behavior, add the following line to your
application.properties file:

spring.data.neo4j.open-in-view=false

31.3.4 Spring Data Neo4j Repositories

Spring Data includes repository support for Neo4j.

Spring Data Neo4j shares the common infrastructure with Spring Data JPA as many other
Spring Data modules do. You could take the JPA example from earlier and define
City as Neo4j OGM @NodeEntity rather than JPA @Entity and the repository
abstraction works in the same way, as shown in the following example:

The spring-boot-starter-data-neo4j “Starter” enables the repository support as well
as transaction management. You can customize the locations to look for repositories and
entities by using @EnableNeo4jRepositories and @EntityScan respectively on a
@Configuration-bean.

Tip

For complete details of Spring Data Neo4j, including its object mapping
technologies, refer to the reference
documentation.

31.5 Solr

Apache Solr is a search engine. Spring Boot offers basic
auto-configuration for the Solr 5 client library and the abstractions on top of it
provided by Spring Data Solr. There
is a spring-boot-starter-data-solr “Starter” for collecting the dependencies in a
convenient way.

31.5.1 Connecting to Solr

You can inject an auto-configured SolrClient instance as you would any other Spring
bean. By default, the instance tries to connect to a server at
localhost:8983/solr. The following example shows how to inject a Solr bean:

If you add your own @Bean of type SolrClient, it replaces the default.

31.5.2 Spring Data Solr Repositories

Spring Data includes repository support for Apache Solr. As with the JPA repositories
discussed earlier, the basic principle is that queries are automatically constructed for \
you based on method names.

In fact, both Spring Data JPA and Spring Data Solr share the same common infrastructure.
You could take the JPA example from earlier and, assuming that City is now a
@SolrDocument class rather than a JPA @Entity, it works in the same way.

The transport client is still being used by
Spring Data Elasticsearch,
which you can start using with the spring-boot-starter-data-elasticsearch “Starter”.

31.6.1 Connecting to Elasticsearch by REST clients

Elasticsearch ships
two different REST clients
that you can use to query a cluster: the "Low Level" client and the "High Level" client.

If you have the org.elasticsearch.client:elasticsearch-rest-client dependency on the
classpath, Spring Boot will auto-configure and register a RestClient bean that
by default targets localhost:9200.
You can further tune how RestClient is configured, as shown in the following example:

You can also register an arbitrary number of beans that implement
RestClientBuilderCustomizer for more advanced customizations.
To take full control over the registration, define a RestClient bean.

If you have the org.elasticsearch.client:elasticsearch-rest-high-level-client dependency
on the classpath, Spring Boot will auto-configure a RestHighLevelClient, which wraps
any existing RestClient bean, reusing its HTTP configuration.

31.6.2 Connecting to Elasticsearch by Using Jest

If you have Jest on the classpath, you can inject an auto-configured JestClient that
by default targets localhost:9200. You can further tune how the client is
configured, as shown in the following example:

31.6.3 Connecting to Elasticsearch by Using Spring Data

To connect to Elasticsearch, you must provide the address of one or more cluster nodes.
The address can be specified by setting the spring.data.elasticsearch.cluster-nodes
property to a comma-separated host:port list. With this configuration in place, an
ElasticsearchTemplate or TransportClient can be injected like any other Spring bean,
as shown in the following example:

If you add your own ElasticsearchTemplate or TransportClient@Bean, it replaces the
default.

31.6.4 Spring Data Elasticsearch Repositories

Spring Data includes repository support for Elasticsearch. As with the JPA repositories
discussed earlier, the basic principle is that queries are constructed for you
automatically based on method names.

In fact, both Spring Data JPA and Spring Data Elasticsearch share the same common
infrastructure. You could take the JPA example from earlier and, assuming that City is
now an Elasticsearch @Document class rather than a JPA @Entity, it works in the same
way.

31.7 Cassandra

Cassandra is an open source, distributed database
management system designed to handle large amounts of data across many commodity servers.
Spring Boot offers auto-configuration for Cassandra and the abstractions on top of it
provided by Spring Data
Cassandra. There is a spring-boot-starter-data-cassandra “Starter” for collecting
the dependencies in a convenient way.

31.7.1 Connecting to Cassandra

You can inject an auto-configured CassandraTemplate or a Cassandra Session instance
as you would with any other Spring Bean. The spring.data.cassandra.* properties can be
used to customize the connection. Generally, you provide keyspace-name and
contact-points properties, as shown in the following example:

31.8 Couchbase

Couchbase is an open-source, distributed, multi-model NoSQL
document-oriented database that is optimized for interactive applications. Spring Boot
offers auto-configuration for Couchbase and the abstractions on top of it provided by
Spring Data Couchbase. There are
spring-boot-starter-data-couchbase and spring-boot-starter-data-couchbase-reactive
“Starters” for collecting the dependencies in a convenient way.

31.8.1 Connecting to Couchbase

You can get a Bucket and Cluster by adding the Couchbase SDK and some configuration.
The spring.couchbase.* properties can be used to customize the connection. Generally,
you provide the bootstrap hosts, bucket name, and password, as shown in the following
example:

You need to provide at least the bootstrap host(s), in which case the bucket name is
default and the password is an empty String. Alternatively, you can define your own
org.springframework.data.couchbase.config.CouchbaseConfigurer@Bean to take control
over the whole configuration.

It is also possible to customize some of the CouchbaseEnvironment settings. For
instance, the following configuration changes the timeout to use to open a new Bucket
and enables SSL support:

31.8.2 Spring Data Couchbase Repositories

Spring Data includes repository support for Couchbase. For complete details of Spring
Data Couchbase, refer to the
reference
documentation.

You can inject an auto-configured CouchbaseTemplate instance as you would with any
other Spring Bean, provided a defaultCouchbaseConfigurer is available (which
happens when you enable Couchbase support, as explained earlier).

If you want to fully bypass the auto-configuration for Spring Data Couchbase,
provide your own implementation of
org.springframework.data.couchbase.config.AbstractCouchbaseDataConfiguration.

31.9 LDAP

LDAP (Lightweight
Directory Access Protocol) is an open, vendor-neutral, industry standard application
protocol for accessing and maintaining distributed directory information services over an
IP network. Spring Boot offers auto-configuration for any compliant LDAP server as well
as support for the embedded in-memory LDAP server from
UnboundID.

LDAP abstractions are provided by
Spring Data LDAP.
There is a spring-boot-starter-data-ldap “Starter” for collecting the dependencies in
a convenient way.

31.9.1 Connecting to an LDAP Server

To connect to an LDAP server, make sure you declare a dependency on the
spring-boot-starter-data-ldap “Starter” or spring-ldap-core and then declare the
URLs of your server in your application.properties, as shown in the following example:

If you need to customize connection settings, you can use the spring.ldap.base and
spring.ldap.base-environment properties.

An LdapContextSource is auto-configured based on these settings. If you need to customize
it, for instance to use a PooledContextSource, you can still inject the auto-configured
LdapContextSource. Make sure to flag your customized ContextSource as @Primary so
that the auto-configured LdapTemplate uses it.

31.9.2 Spring Data LDAP Repositories

Spring Data includes repository support for LDAP. For complete details of Spring
Data LDAP, refer to the
reference
documentation.

You can also inject an auto-configured LdapTemplate instance as you would with any
other Spring Bean, as shown in the following example:

31.9.3 Embedded In-memory LDAP Server

For testing purposes, Spring Boot supports auto-configuration of an in-memory LDAP server
from UnboundID. To configure the server,
add a dependency to com.unboundid:unboundid-ldapsdk and declare a base-dn property, as
follows:

spring.ldap.embedded.base-dn=dc=spring,dc=io

Note

It is possible to define multiple base-dn values, however, since distinguished names
usually contain commas, they must be defined using the correct notation.

In yaml files, you can use the yaml list notation:

spring.ldap.embedded.base-dn:
- dc=spring,dc=io
- dc=pivotal,dc=io

In properties files, you must include the index as part of the property name:

By default, the server starts on a random port and triggers the regular LDAP support.
There is no need to specify a spring.ldap.urls property.

If there is a schema.ldif file on your classpath, it is used to initialize the server.
If you want to load the initialization script from a different resource, you can also use
the spring.ldap.embedded.ldif property.

By default, a standard schema is used to validate LDIF files. You can turn off
validation altogether by setting the spring.ldap.embedded.validation.enabled property.
If you have custom attributes, you can use spring.ldap.embedded.validation.schema to
define your custom attribute types or object classes.

31.10 InfluxDB

InfluxDB is an open-source time series database optimized
for fast, high-availability storage and retrieval of time series data in fields such as
operations monitoring, application metrics, Internet-of-Things sensor data, and real-time
analytics.

31.10.1 Connecting to InfluxDB

Spring Boot auto-configures an InfluxDB instance, provided the influxdb-java client
is on the classpath and the URL of the database is set, as shown in the following
example:

spring.influx.url=http://172.0.0.1:8086

If the connection to InfluxDB requires a user and password, you can set the
spring.influx.user and spring.influx.password properties accordingly.

InfluxDB relies on OkHttp. If you need to tune the http client InfluxDB uses behind the
scenes, you can register an InfluxDbOkHttpClientBuilderProvider bean.

32. Caching

The Spring Framework provides support for transparently adding caching to an application.
At its core, the abstraction applies caching to methods, thus reducing the number of
executions based on the information available in the cache. The caching logic is applied
transparently, without any interference to the invoker. Spring Boot auto-configures the
cache infrastructure as long as caching support is enabled via the @EnableCaching
annotation.

This example demonstrates the use of caching on a potentially costly operation. Before
invoking computePiDecimal, the abstraction looks for an entry in the piDecimals cache
that matches the i argument. If an entry is found, the content in the cache is
immediately returned to the caller, and the method is not invoked. Otherwise, the method
is invoked, and the cache is updated before returning the value.

Caution

You can also use the standard JSR-107 (JCache) annotations (such as
@CacheResult) transparently. However, we strongly advise you to not mix and match the
Spring Cache and JCache annotations.

If you do not add any specific cache library, Spring Boot auto-configures a
simple provider that uses concurrent maps in
memory. When a cache is required (such as piDecimals in the preceding example), this
provider creates it for you. The simple provider is not really recommended for
production usage, but it is great for getting started and making sure that you understand
the features. When you have made up your mind about the cache provider to use, please
make sure to read its documentation to figure out how to configure the caches that your
application uses. Nearly all providers require you to explicitly configure every cache
that you use in the application. Some offer a way to customize the default caches defined
by the spring.cache.cache-names property.

Tip

It is also possible to transparently
update or
evict data from the cache.

32.1 Supported Cache Providers

The cache abstraction does not provide an actual store and relies on abstraction
materialized by the org.springframework.cache.Cache and
org.springframework.cache.CacheManager interfaces.

If you have not defined a bean of type CacheManager or a CacheResolver named
cacheResolver (see
CachingConfigurer),
Spring Boot tries to detect the following providers (in the indicated order):

It is also possible to force a particular cache provider by setting the
spring.cache.type property. Use this property if you need to
disable caching altogether in certain environment
(such as tests).

Tip

Use the spring-boot-starter-cache “Starter” to quickly add basic caching
dependencies. The starter brings in spring-context-support. If you add dependencies
manually, you must include spring-context-support in order to use the JCache,
EhCache 2.x, or Guava support.

If the CacheManager is auto-configured by Spring Boot, you can further tune its
configuration before it is fully initialized by exposing a bean that implements the
CacheManagerCustomizer interface. The following example sets a flag to say that null
values should be passed down to the underlying map:

In the preceding example, an auto-configured ConcurrentMapCacheManager is expected. If
that is not the case (either you provided your own config or a different cache provider
was auto-configured), the customizer is not invoked at all. You can have as many
customizers as you want, and you can also order them by using @Order or Ordered.

32.1.1 Generic

Generic caching is used if the context defines at least one
org.springframework.cache.Cache bean. A CacheManager wrapping all beans of that type
is created.

32.1.2 JCache (JSR-107)

JCache is bootstrapped through the presence of a
javax.cache.spi.CachingProvider on the classpath (that is, a JSR-107 compliant caching
library exists on the classpath), and the JCacheCacheManager is provided by the
spring-boot-starter-cache “Starter”. Various compliant libraries are available, and
Spring Boot provides dependency management for Ehcache 3, Hazelcast, and Infinispan. Any
other compliant library can be added as well.

It might happen that more than one provider is present, in which case the provider must
be explicitly specified. Even if the JSR-107 standard does not enforce a standardized way
to define the location of the configuration file, Spring Boot does its best to
accommodate setting a cache with implementation details, as shown in the following
example:

# Only necessary if more than one provider is presentspring.cache.jcache.provider=com.acme.MyCachingProvider
spring.cache.jcache.config=classpath:acme.xml

Note

When a cache library offers both a native implementation and JSR-107 support,
Spring Boot prefers the JSR-107 support, so that the same features are available if you
switch to a different JSR-107 implementation.

Tip

Spring Boot has general support for Hazelcast. If a
single HazelcastInstance is available, it is automatically reused for the
CacheManager as well, unless the spring.cache.jcache.config property is specified.

There are two ways to customize the underlying javax.cache.cacheManager:

Caches can be created on startup by setting the spring.cache.cache-names property. If
a custom javax.cache.configuration.Configuration bean is defined, it is used to
customize them.

org.springframework.boot.autoconfigure.cache.JCacheManagerCustomizer beans are
invoked with the reference of the CacheManager for full customization.

Tip

If a standard javax.cache.CacheManager bean is defined, it is wrapped
automatically in an org.springframework.cache.CacheManager implementation that the
abstraction expects. No further customization is applied to it.

32.1.3 EhCache 2.x

EhCache 2.x is used if a file named ehcache.xml can be found at
the root of the classpath. If EhCache 2.x is found, the EhCacheCacheManager provided by
the spring-boot-starter-cache “Starter” is used to bootstrap the cache manager. An
alternate configuration file can be provided as well, as shown in the following example:

32.1.4 Hazelcast

32.1.5 Infinispan

Infinispan has no default configuration file location, so it must
be specified explicitly. Otherwise, the default bootstrap is used.

spring.cache.infinispan.config=infinispan.xml

Caches can be created on startup by setting the spring.cache.cache-names property. If a
custom ConfigurationBuilder bean is defined, it is used to customize the caches.

Note

The support of Infinispan in Spring Boot is restricted to the embedded mode and is quite
basic. If you want more options, you should use the official Infinispan Spring Boot
starter instead. See
Infinispan’s documentation for more
details.

32.1.6 Couchbase

If the Couchbase Java client and the couchbase-spring-cache
implementation are available and Couchbase is configured, a
CouchbaseCacheManager is auto-configured. It is also possible to create additional
caches on startup by setting the spring.cache.cache-names property. These caches
operate on the Bucket that was auto-configured. You can also create additional caches
on another Bucket by using the customizer. Assume you need two caches (cache1 and
cache2) on the "main" Bucket and one (cache3) cache with a custom time to live of 2
seconds on the “another” Bucket. You can create the first two caches through
configuration, as follows:

spring.cache.cache-names=cache1,cache2

Then you can define a @Configuration class to configure the extra Bucket and the
cache3 cache, as follows:

This sample configuration reuses the Cluster that was created through
auto-configuration.

32.1.7 Redis

If Redis is available and configured, a RedisCacheManager is
auto-configured. It is possible to create additional caches on startup by setting the
spring.cache.cache-names property and cache defaults can be configured by using
spring.cache.redis.* properties. For instance, the following configuration creates
cache1 and cache2 caches with a time to live of 10 minutes:

By default, a key prefix is added so that, if two separate caches use the same
key, Redis does not have overlapping keys and cannot return invalid values. We strongly
recommend keeping this setting enabled if you create your own RedisCacheManager.

Tip

You can take full control of the configuration by adding a RedisCacheConfiguration@Bean of your own. This can be useful if you’re looking for customizing the
serialization strategy.

32.1.8 Caffeine

Caffeine is a Java 8 rewrite of Guava’s cache that
supersedes support for Guava. If Caffeine is present, a CaffeineCacheManager (provided
by the spring-boot-starter-cache “Starter”) is auto-configured. Caches can be created
on startup by setting the spring.cache.cache-names property and can be customized by one
of the following (in the indicated order):

A cache spec defined by spring.cache.caffeine.spec

A com.github.benmanes.caffeine.cache.CaffeineSpec bean is defined

A com.github.benmanes.caffeine.cache.Caffeine bean is defined

For instance, the following configuration creates cache1 and cache2 caches with a
maximum size of 500 and a time to live of 10 minutes

If a com.github.benmanes.caffeine.cache.CacheLoader bean is defined, it is
automatically associated to the CaffeineCacheManager. Since the CacheLoader is going
to be associated with all caches managed by the cache manager, it must be defined as
CacheLoader<Object, Object>. The auto-configuration ignores any other generic type.

32.1.9 Simple

If none of the other providers can be found, a simple implementation using a
ConcurrentHashMap as the cache store is configured. This is the default if no caching
library is present in your application. By default, caches are created as needed, but you
can restrict the list of available caches by setting the cache-names property. For
instance, if you want only cache1 and cache2 caches, set the cache-names property
as follows:

spring.cache.cache-names=cache1,cache2

If you do so and your application uses a cache not listed, then it fails at runtime when
the cache is needed, but not on startup. This is similar to the way the "real" cache
providers behave if you use an undeclared cache.

32.1.10 None

When @EnableCaching is present in your configuration, a suitable cache configuration is
expected as well. If you need to disable caching altogether in certain environments,
force the cache type to none to use a no-op implementation, as shown in the following
example:

spring.cache.type=none

33. Messaging

The Spring Framework provides extensive support for integrating with messaging systems,
from simplified use of the JMS API using JmsTemplate to a complete infrastructure to
receive messages asynchronously. Spring AMQP provides a similar feature set for the
Advanced Message Queuing Protocol. Spring Boot also provides auto-configuration
options for RabbitTemplate and RabbitMQ. Spring WebSocket natively includes support for
STOMP messaging, and Spring Boot has support for that through starters and a small amount
of auto-configuration. Spring Boot also has support for Apache Kafka.

33.1 JMS

The javax.jms.ConnectionFactory interface provides a standard method of creating a
javax.jms.Connection for interacting with a JMS broker. Although Spring needs a
ConnectionFactory to work with JMS, you generally need not use it directly yourself and
can instead rely on higher level messaging abstractions. (See the
relevant section of the Spring Framework
reference documentation for details.) Spring Boot also auto-configures the necessary
infrastructure to send and receive messages.

33.1.1 ActiveMQ Support

When ActiveMQ is available on the classpath, Spring Boot can
also configure a ConnectionFactory. If the broker is present, an embedded broker is
automatically started and configured (provided no broker URL is specified through
configuration).

Note

If you use spring-boot-starter-activemq, the necessary dependencies to connect or
embed an ActiveMQ instance are provided, as is the Spring infrastructure to integrate with
JMS.

ActiveMQ configuration is controlled by external configuration properties in
spring.activemq.*. For example, you might declare the following section in
application.properties:

See
ActiveMQProperties
for more of the supported options. You can also register an arbitrary number of beans
that implement ActiveMQConnectionFactoryCustomizer for more advanced customizations.

By default, ActiveMQ creates a destination if it does not yet exist so that destinations
are resolved against their provided names.

33.1.2 Artemis Support

Spring Boot can auto-configure a ConnectionFactory when it detects that
Artemis is available on the classpath. If the broker
is present, an embedded broker is automatically started and configured (unless the mode
property has been explicitly set). The supported modes are embedded (to make explicit
that an embedded broker is required and that an error should occur if the broker is not
available on the classpath) and native (to connect to a broker using the netty
transport protocol). When the latter is configured, Spring Boot configures a
ConnectionFactory that connects to a broker running on the local machine with the
default settings.

Note

If you use spring-boot-starter-artemis, the necessary dependencies to
connect to an existing Artemis instance are provided, as well as the Spring
infrastructure to integrate with JMS. Adding org.apache.activemq:artemis-jms-server to
your application lets you use embedded mode.

Artemis configuration is controlled by external configuration properties in
spring.artemis.*. For example, you might declare the following section in
application.properties:

When embedding the broker, you can choose if you want to enable persistence and list the
destinations that should be made available. These can be specified as a comma-separated
list to create them with the default options, or you can define bean(s) of type
org.apache.activemq.artemis.jms.server.config.JMSQueueConfiguration or
org.apache.activemq.artemis.jms.server.config.TopicConfiguration, for advanced queue
and topic configurations, respectively.

By default, a CachingConnectionFactory wraps the native ConnectionFactory with
sensible settings that you can control by external configuration properties in
spring.jms.*:

spring.jms.cache.session-cache-size=5

If you’d rather use native pooling, you can do so by adding a dependency to
org.messaginghub:pooled-jms and configuring the JmsPoolConnectionFactory accordingly,
as shown in the following example:

No JNDI lookup is involved, and destinations are resolved against their names, using
either the name attribute in the Artemis configuration or the names provided through
configuration.

33.1.3 Using a JNDI ConnectionFactory

If you are running your application in an application server, Spring Boot tries to
locate a JMS ConnectionFactory by using JNDI. By default, the java:/JmsXA and
java:/XAConnectionFactory location are checked. You can use the spring.jms.jndi-name
property if you need to specify an alternative location, as shown in the following
example:

spring.jms.jndi-name=java:/MyConnectionFactory

33.1.4 Sending a Message

Spring’s JmsTemplate is auto-configured, and you can autowire it directly into your own
beans, as shown in the following example:

JmsMessagingTemplate can
be injected in a similar manner. If a DestinationResolver or a MessageConverter bean
is defined, it is associated automatically to the auto-configured JmsTemplate.

33.1.5 Receiving a Message

When the JMS infrastructure is present, any bean can be annotated with @JmsListener to
create a listener endpoint. If no JmsListenerContainerFactory has been defined, a
default one is configured automatically. If a DestinationResolver or a
MessageConverter beans is defined, it is associated automatically to the default
factory.

By default, the default factory is transactional. If you run in an infrastructure where a
JtaTransactionManager is present, it is associated to the listener container by default.
If not, the sessionTransacted flag is enabled. In that latter scenario, you can
associate your local data store transaction to the processing of an incoming message by
adding @Transactional on your listener method (or a delegate thereof). This ensures that
the incoming message is acknowledged, once the local transaction has completed. This also
includes sending response messages that have been performed on the same JMS session.

The following component creates a listener endpoint on the someQueue destination:

If you need to create more JmsListenerContainerFactory instances or if you want to
override the default, Spring Boot provides a
DefaultJmsListenerContainerFactoryConfigurer that you can use to initialize a
DefaultJmsListenerContainerFactory with the same settings as the one that is
auto-configured.

For instance, the following example exposes another factory that uses a specific
MessageConverter:

33.2 AMQP

The Advanced Message Queuing Protocol (AMQP) is a platform-neutral, wire-level protocol
for message-oriented middleware. The Spring AMQP project applies core Spring concepts to
the development of AMQP-based messaging solutions. Spring Boot offers several conveniences
for working with AMQP through RabbitMQ, including the spring-boot-starter-amqp
“Starter”.

33.2.1 RabbitMQ support

RabbitMQ is a lightweight, reliable, scalable, and portable
message broker based on the AMQP protocol. Spring uses RabbitMQ to communicate through
the AMQP protocol.

RabbitMQ configuration is controlled by external configuration properties in
spring.rabbitmq.*. For example, you might declare the following section in
application.properties:

If a ConnectionNameStrategy bean exists in the context, it will be automatically used to
name connections created by the auto-configured ConnectionFactory. See
RabbitProperties for more
of the supported options.

Retries are disabled by default. You can also customize the RetryTemplate
programmatically by declaring a RabbitRetryTemplateCustomizer bean.

33.2.3 Receiving a Message

When the Rabbit infrastructure is present, any bean can be annotated with
@RabbitListener to create a listener endpoint. If no RabbitListenerContainerFactory
has been defined, a default SimpleRabbitListenerContainerFactory is automatically
configured and you can switch to a direct container using the
spring.rabbitmq.listener.type property. If a MessageConverter or a MessageRecoverer
bean is defined, it is automatically associated with the default factory.

The following sample component creates a listener endpoint on the someQueue queue:

If you need to create more RabbitListenerContainerFactory instances or if you want to
override the default, Spring Boot provides a
SimpleRabbitListenerContainerFactoryConfigurer and a
DirectRabbitListenerContainerFactoryConfigurer that you can use to initialize a
SimpleRabbitListenerContainerFactory and a DirectRabbitListenerContainerFactory with
the same settings as the factories used by the auto-configuration.

Tip

It does not matter which container type you chose. Those two beans are exposed by
the auto-configuration.

For instance, the following configuration class exposes another factory that uses a
specific MessageConverter:

You can enable retries to handle situations where your listener throws an exception. By
default, RejectAndDontRequeueRecoverer is used, but you can define a MessageRecoverer
of your own. When retries are exhausted, the message is rejected and either dropped or
routed to a dead-letter exchange if the broker is configured to do so. By default,
retries are disabled. You can also customize the RetryTemplate programmatically by
declaring a RabbitRetryTemplateCustomizer bean.

Important

By default, if retries are disabled and the listener throws an exception, the
delivery is retried indefinitely. You can modify this behavior in two ways: Set the
defaultRequeueRejected property to false so that zero re-deliveries are attempted or
throw an AmqpRejectAndDontRequeueException to signal the message should be rejected.
The latter is the mechanism used when retries are enabled and the maximum number of
delivery attempts is reached.

33.3 Apache Kafka Support

Apache Kafka is supported by providing auto-configuration of
the spring-kafka project.

Kafka configuration is controlled by external configuration properties in
spring.kafka.*. For example, you might declare the following section in
application.properties:

If the property spring.kafka.producer.transaction-id-prefix is defined, a
KafkaTransactionManager is automatically configured. Also, if a RecordMessageConverter
bean is defined, it is automatically associated to the auto-configured KafkaTemplate.

33.3.2 Receiving a Message

When the Apache Kafka infrastructure is present, any bean can be annotated with
@KafkaListener to create a listener endpoint. If no KafkaListenerContainerFactory has
been defined, a default one is automatically configured with keys defined in
spring.kafka.listener.*.

The following component creates a listener endpoint on the someTopic topic:

If a KafkaTransactionManager bean is defined, it is automatically associated to the
container factory. Similarly, if a RecordMessageConverter, ErrorHandler or
AfterRollbackProcessor bean is defined, it is automatically associated to the default
factory.

Tip

A custom ChainedKafkaTransactionManager must be marked @Primary as it usually
references the auto-configured KafkaTransactionManager bean.

33.3.3 Kafka Streams

Spring for Apache Kafka provides a factory bean to create a StreamsBuilder object and
manage the lifecycle of its streams. Spring Boot auto-configures the required
KafkaStreamsConfiguration bean as long as kafka-streams is on the classpath and Kafka
Streams is enabled via the @EnableKafkaStreams annotation.

Enabling Kafka Streams means that the application id and bootstrap servers must be set.
The former can be configured using spring.kafka.streams.application-id, defaulting to
spring.application.name if not set. The latter can be set globally or
specifically overridden just for streams.

Several additional properties are available using dedicated properties; other arbitrary
Kafka properties can be set using the spring.kafka.streams.properties namespace. See
also Section 33.3.4, “Additional Kafka Properties” for more information.

To use the factory bean, simply wire StreamsBuilder into your @Bean as shown in the
following example:

By default, the streams managed by the StreamBuilder object it creates are started
automatically. You can customize this behaviour using the
spring.kafka.streams.auto-startup property.

33.3.4 Additional Kafka Properties

The properties supported by auto configuration are shown in
Appendix A, Common application properties. Note that, for the most part, these properties
(hyphenated or camelCase) map directly to the Apache Kafka dotted properties. Refer to the
Apache Kafka documentation for details.

The first few of these properties apply to all components (producers, consumers, admins,
and streams) but can be
specified at the component level if you wish to use different values.
Apache Kafka designates properties with an importance of HIGH, MEDIUM, or LOW. Spring Boot
auto-configuration supports all HIGH importance properties, some selected MEDIUM and LOW
properties, and any properties that do not have a default value.

Only a subset of the properties supported by Kafka are available directly through the
KafkaProperties class. If you wish to configure the producer or consumer with additional
properties that are not directly supported, use the following properties:

This sets the common prop.one Kafka property to first (applies to producers,
consumers and admins), the prop.two admin property to second, the prop.three
consumer property to third, the prop.four producer property to fourth and the
prop.five streams property to fifth.

Properties set in this way override any configuration item that Spring Boot
explicitly supports.

34. Calling REST Services with RestTemplate

If you need to call remote REST services from your application, you can use the Spring
Framework’s RestTemplate class. Since
RestTemplate instances often need to be customized before being used, Spring Boot does
not provide any single auto-configured RestTemplate bean. It does, however,
auto-configure a RestTemplateBuilder, which can be used to create RestTemplate
instances when needed. The auto-configured RestTemplateBuilder ensures that sensible
HttpMessageConverters are applied to RestTemplate instances.

RestTemplateBuilder includes a number of useful methods that can be used to
quickly configure a RestTemplate. For example, to add BASIC auth support, you can use
builder.basicAuthentication("user", "password").build().

34.1 RestTemplate Customization

There are three main approaches to RestTemplate customization, depending on how broadly
you want the customizations to apply.

To make the scope of any customizations as narrow as possible, inject the auto-configured
RestTemplateBuilder and then call its methods as required. Each method call returns a
new RestTemplateBuilder instance, so the customizations only affect this use of the
builder.

To make an application-wide, additive customization, use a RestTemplateCustomizer bean.
All such beans are automatically registered with the auto-configured RestTemplateBuilder
and are applied to any templates that are built with it.

The following example shows a customizer that configures the use of a proxy for all hosts
except 192.168.0.5:

Finally, the most extreme (and rarely used) option is to create your own
RestTemplateBuilder bean. Doing so switches off the auto-configuration of a
RestTemplateBuilder and prevents any RestTemplateCustomizer beans from being used.

35. Calling REST Services with WebClient

If you have Spring WebFlux on your classpath, you can also choose to use WebClient to
call remote REST services. Compared to RestTemplate, this client has a more functional
feel and is fully reactive. You can learn more about the WebClient in the dedicated
section in the Spring Framework docs.

Spring Boot creates and pre-configures a WebClient.Builder for you; it is strongly
advised to inject it in your components and use it to create WebClient instances.
Spring Boot is configuring that builder to share HTTP resources, reflect codecs
setup in the same fashion as the server ones (see
WebFlux HTTP codecs auto-configuration), and more.

35.1 WebClient Runtime

Spring Boot will auto-detect which ClientHttpConnector to use to drive WebClient,
depending on the libraries available on the application classpath. For now, Reactor
Netty and Jetty RS client are supported.

The spring-boot-starter-webflux starter depends on io.projectreactor.netty:reactor-netty
by default, which brings both server and client implementations. If you choose to use Jetty
as a reactive server instead, you should add a dependency on the Jetty Reactive HTTP
client library, org.eclipse.jetty:jetty-reactive-httpclient. Using the same technology
for server and client has it advantages, as it will automatically share HTTP resources
between client and server.

Developers can override the resource configuration for Jetty and Reactor Netty by providing
a custom ReactorResourceFactory or JettyResourceFactory bean - this will be applied to
both clients and servers.

If you wish to override that choice for the client, you can define your own
ClientHttpConnector bean and have full control over the client configuration.

35.2 WebClient Customization

There are three main approaches to WebClient customization, depending on how broadly you
want the customizations to apply.

To make the scope of any customizations as narrow as possible, inject the auto-configured
WebClient.Builder and then call its methods as required. WebClient.Builder instances
are stateful: Any change on the builder is reflected in all clients subsequently created
with it. If you want to create several clients with the same builder, you can also
consider cloning the builder with WebClient.Builder other = builder.clone();.

To make an application-wide, additive customization to all WebClient.Builder instances,
you can declare WebClientCustomizer beans and change the WebClient.Builder locally at
the point of injection.

Finally, you can fall back to the original API and use WebClient.create(). In that case,
no auto-configuration or WebClientCustomizer is applied.

36. Validation

The method validation feature supported by Bean Validation 1.1 is automatically enabled
as long as a JSR-303 implementation (such as Hibernate validator) is on the classpath.
This lets bean methods be annotated with javax.validation constraints on their
parameters and/or on their return value. Target classes with such annotated methods need
to be annotated with the @Validated annotation at the type level for their methods to
be searched for inline constraint annotations.

For instance, the following service triggers the validation of the first argument, making
sure its size is between 8 and 10:

If spring.mail.host and the relevant libraries (as defined by
spring-boot-starter-mail) are available, a default JavaMailSender is created if none
exists. The sender can be further customized by configuration items from the
spring.mail namespace. See
MailProperties for more
details.

In particular, certain default timeout values are infinite, and you may want to change
that to avoid having a thread blocked by an unresponsive mail server, as shown in the
following example:

It is also possible to configure a JavaMailSender with an existing Session from JNDI:

spring.mail.jndi-name=mail/Session

When a jndi-name is set, it takes precedence over all other Session-related settings.

38. Distributed Transactions with JTA

Spring Boot supports distributed JTA transactions across multiple XA resources by using
either an Atomikos or Bitronix
embedded transaction manager. JTA transactions are also supported when deploying to a
suitable Java EE Application Server.

When a JTA environment is detected, Spring’s JtaTransactionManager is used to manage
transactions. Auto-configured JMS, DataSource, and JPA beans are upgraded to support XA
transactions. You can use standard Spring idioms, such as @Transactional, to participate
in a distributed transaction. If you are within a JTA environment and still want to use
local transactions, you can set the spring.jta.enabled property to false to disable
the JTA auto-configuration.

38.1 Using an Atomikos Transaction Manager

Atomikos is a popular open source transaction manager which can
be embedded into your Spring Boot application. You can use the
spring-boot-starter-jta-atomikos Starter to pull in the appropriate Atomikos libraries.
Spring Boot auto-configures Atomikos and ensures that appropriate depends-on settings
are applied to your Spring beans for correct startup and shutdown ordering.

By default, Atomikos transaction logs are written to a transaction-logs directory in
your application’s home directory (the directory in which your application jar file
resides). You can customize the location of this directory by setting a
spring.jta.log-dir property in your application.properties file. Properties starting
with spring.jta.atomikos.properties can also be used to customize the Atomikos
UserTransactionServiceImp. See the
AtomikosProperties Javadoc
for complete details.

Note

To ensure that multiple transaction managers can safely coordinate the same
resource managers, each Atomikos instance must be configured with a unique ID. By default,
this ID is the IP address of the machine on which Atomikos is running. To ensure
uniqueness in production, you should configure the spring.jta.transaction-manager-id
property with a different value for each instance of your application.

38.2 Using a Bitronix Transaction Manager

Bitronix is a popular open-source JTA transaction
manager implementation. You can use the spring-boot-starter-jta-bitronix starter to add
the appropriate Bitronix dependencies to your project. As with Atomikos, Spring Boot
automatically configures Bitronix and post-processes your beans to ensure that startup and
shutdown ordering is correct.

By default, Bitronix transaction log files (part1.btm and part2.btm) are written to
a transaction-logs directory in your application home directory. You can customize the
location of this directory by setting the spring.jta.log-dir property. Properties
starting with spring.jta.bitronix.properties are also bound to the
bitronix.tm.Configuration bean, allowing for complete customization. See the
Bitronix
documentation for details.

Note

To ensure that multiple transaction managers can safely coordinate the same
resource managers, each Bitronix instance must be configured with a unique ID. By default,
this ID is the IP address of the machine on which Bitronix is running. To ensure
uniqueness in production, you should configure the spring.jta.transaction-manager-id
property with a different value for each instance of your application.

38.3 Using a Java EE Managed Transaction Manager

If you package your Spring Boot application as a war or ear file and deploy it to a
Java EE application server, you can use your application server’s built-in transaction
manager. Spring Boot tries to auto-configure a transaction manager by looking at common
JNDI locations (java:comp/UserTransaction, java:comp/TransactionManager, and so on).
If you use a transaction service provided by your application server, you generally also
want to ensure that all resources are managed by the server and exposed over JNDI. Spring
Boot tries to auto-configure JMS by looking for a ConnectionFactory at the JNDI path
(java:/JmsXA or java:/XAConnectionFactory), and you can use the
spring.datasource.jndi-name property
to configure your DataSource.

38.4 Mixing XA and Non-XA JMS Connections

When using JTA, the primary JMS ConnectionFactory bean is XA-aware and participates
in distributed transactions. In some situations, you might want to process certain JMS
messages by using a non-XA ConnectionFactory. For example, your JMS processing logic
might take longer than the XA timeout.

If you want to use a non-XA ConnectionFactory, you can inject the
nonXaJmsConnectionFactory bean rather than the @PrimaryjmsConnectionFactory bean.
For consistency, the jmsConnectionFactory bean is also provided by using the bean alias
xaJmsConnectionFactory.

The following example shows how to inject ConnectionFactory instances:

38.5 Supporting an Alternative Embedded Transaction Manager

The XAConnectionFactoryWrapper
and XADataSourceWrapper interfaces
can be used to support alternative embedded transaction managers. The interfaces are
responsible for wrapping XAConnectionFactory and XADataSource beans and exposing them
as regular ConnectionFactory and DataSource beans, which transparently enroll in the
distributed transaction. DataSource and JMS auto-configuration use JTA variants, provided
you have a JtaTransactionManager bean and appropriate XA wrapper beans registered
within your ApplicationContext.

39. Hazelcast

If Hazelcast is on the classpath and a suitable configuration is
found, Spring Boot auto-configures a HazelcastInstance that you can inject in your
application.

If you define a com.hazelcast.config.Config bean, Spring Boot uses that. If your
configuration defines an instance name, Spring Boot tries to locate an existing instance
rather than creating a new one.

You could also specify the hazelcast.xml configuration file to use through
configuration, as shown in the following example:

spring.hazelcast.config=classpath:config/my-hazelcast.xml

Otherwise, Spring Boot tries to find the Hazelcast configuration from the default
locations: hazelcast.xml in the working directory or at the root of the classpath. We
also check if the hazelcast.config system property is set. See the
Hazelcast documentation for
more details.

If hazelcast-client is present on the classpath, Spring Boot first attempts to create a
client by checking the following configuration options:

The presence of a com.hazelcast.client.config.ClientConfig bean.

A configuration file defined by the spring.hazelcast.config property.

The presence of the hazelcast.client.config system property.

A hazelcast-client.xml in the working directory or at the root of the classpath.

40. Quartz Scheduler

Spring Boot offers several conveniences for working with the
Quartz scheduler, including the
spring-boot-starter-quartz “Starter”. If Quartz is available, a Scheduler is
auto-configured (through the SchedulerFactoryBean abstraction).

Beans of the following types are automatically picked up and associated with the
Scheduler:

JobDetail: defines a particular Job. JobDetail instances can be built with the
JobBuilder API.

Calendar.

Trigger: defines when a particular job is triggered.

By default, an in-memory JobStore is used. However, it is possible to configure a
JDBC-based store if a DataSource bean is available in your application and if the
spring.quartz.job-store-type property is configured accordingly, as shown in the
following example:

spring.quartz.job-store-type=jdbc

When the JDBC store is used, the schema can be initialized on startup, as shown in the
following example:

spring.quartz.jdbc.initialize-schema=always

Note

By default, the database is detected and initialized by using the standard scripts
provided with the Quartz library. It is also possible to provide a custom script by
setting the spring.quartz.jdbc.schema property.

To have Quartz use a DataSource other than the application’s main DataSource, declare
a DataSource bean, annotating its @Bean method with @QuartzDataSource. Doing so
ensures that the Quartz-specific DataSource is used by both the SchedulerFactoryBean
and for schema initialization.

By default, jobs created by configuration will not overwrite already registered jobs that
have been read from a persistent job store. To enable overwriting existing job definitions
set the spring.quartz.overwrite-existing-jobs property.

Quartz Scheduler configuration can be customized using spring.quartz properties and
SchedulerFactoryBeanCustomizer beans, which allow programmatic SchedulerFactoryBean
customization. Advanced Quartz configuration properties can be customized using
spring.quartz.properties.*.

Note

In particular, an Executor bean is not associated with the scheduler as Quartz
offers a way to configure the scheduler via spring.quartz.properties. If you need
to customize the task executor, consider implementing SchedulerFactoryBeanCustomizer.

Jobs can define setters to inject data map properties. Regular beans can also be injected
in a similar manner, as shown in the following example:

41. Task Execution and Scheduling

In the absence of a TaskExecutor bean in the context, Spring Boot auto-configures a
ThreadPoolTaskExecutor with sensible defaults that can be automatically associated to
asynchronous task execution (@EnableAsync) and Spring MVC asynchronous request
processing.

The thread pool uses 8 core threads that can grow and shrink according to the load. Those
default settings can be fine-tuned using the spring.task.execution namespace as shown in
the following example:

This changes the thread pool to use a bounded queue so that when the queue is full (100
tasks), the thread pool increases to maximum 16 threads. Shrinking of the pool is more
aggressive as threads are reclaimed when they are idle for 10 seconds (rather than
60 seconds by default).

A ThreadPoolTaskScheduler can also be auto-configured if need to be associated to
scheduled task execution (@EnableScheduling). The thread pool uses one thread by default
and those settings can be fine-tuned using the spring.task.scheduling namespace.

Both a TaskExecutorBuilder bean and a TaskSchedulerBuilder bean are made available in
the context if a custom executor or scheduler needs to be created.

42. Spring Integration

Spring Boot offers several conveniences for working with Spring
Integration, including the spring-boot-starter-integration “Starter”. Spring
Integration provides abstractions over messaging and also other transports such as HTTP,
TCP, and others. If Spring Integration is available on your classpath, it is initialized
through the @EnableIntegration annotation.

Spring Boot also configures some features that are triggered by the presence of additional
Spring Integration modules. If spring-integration-jmx is also on the classpath,
message processing statistics are published over JMX . If spring-integration-jdbc is
available, the default database schema can be created on startup, as shown in the
following line:

By default, if a Micrometer meterRegistry bean is present, Spring Integration metrics
will be managed by Micrometer. If you wish to use legacy Spring Integration metrics, add
a DefaultMetricsFactory bean to the application context.

43. Spring Session

Spring Boot provides Spring Session auto-configuration for a wide range
of data stores. When building a Servlet web application, the following stores can be
auto-configured:

JDBC

Redis

Hazelcast

MongoDB

When building a reactive web application, the following stores can be auto-configured:

Redis

MongoDB

If a single Spring Session module is present on the classpath, Spring Boot uses that store
implementation automatically. If you have more than one implementation, you must choose
the StoreType that you wish
to use to store the sessions. For instance, to use JDBC as the back-end store, you can
configure your application as follows:

spring.session.store-type=jdbc

Tip

You can disable Spring Session by setting the store-type to none.

Each store has specific additional settings. For instance, it is possible to customize
the name of the table for the JDBC store, as shown in the following example:

spring.session.jdbc.table-name=SESSIONS

For setting the timeout of the session you can use the spring.session.timeout property.
If that property is not set, the auto-configuration falls back to the value of
server.servlet.session.timeout.

44. Monitoring and Management over JMX

Java Management Extensions (JMX) provide a standard mechanism to monitor and manage
applications. By default, Spring Boot creates an MBeanServer bean with an ID of
mbeanServer and exposes any of your beans that are annotated with Spring JMX
annotations (@ManagedResource, @ManagedAttribute, or @ManagedOperation).

45. Testing

Spring Boot provides a number of utilities and annotations to help when testing your
application. Test support is provided by two modules: spring-boot-test contains core
items, and spring-boot-test-autoconfigure supports auto-configuration for tests.

Most developers use the spring-boot-starter-test “Starter”, which imports both Spring
Boot test modules as well as JUnit, AssertJ, Hamcrest, and a number of other useful
libraries.

45.1 Test Scope Dependencies

The spring-boot-starter-test “Starter” (in the testscope) contains
the following provided libraries:

We generally find these common libraries to be useful when writing tests. If these
libraries do not suit your needs, you can add additional test dependencies of your own.

45.2 Testing Spring Applications

One of the major advantages of dependency injection is that it should make your code
easier to unit test. You can instantiate objects by using the new operator without
even involving Spring. You can also use mock objects instead of real dependencies.

Often, you need to move beyond unit testing and start integration testing (with
a Spring ApplicationContext). It is useful to be able to perform integration testing
without requiring deployment of your application or needing to connect to other
infrastructure.

The Spring Framework includes a dedicated test module for such integration testing. You
can declare a dependency directly to org.springframework:spring-test or use the
spring-boot-starter-test “Starter” to pull it in transitively.

If you have not used the spring-test module before, you should start by reading the
relevant section of the Spring Framework
reference documentation.

45.3 Testing Spring Boot Applications

A Spring Boot application is a Spring ApplicationContext, so nothing very special has
to be done to test it beyond what you would normally do with a vanilla Spring context.

Note

External properties, logging, and other features of Spring Boot are installed in the
context by default only if you use SpringApplication to create it.

If you are using JUnit 4, don’t forget to also add @RunWith(SpringRunner.class) to
your test, otherwise the annotations will be ignored. If you are using JUnit 5, there’s no
need to add the equivalent @ExtendWith(SpringExtension) as @SpringBootTest and the
other @…Test annotations are already annotated with it.

By default, @SpringBootTest will not start a server. You can use the webEnvironment
attribute of @SpringBootTest to further refine how your tests run:

MOCK(Default) : Loads a web ApplicationContext and provides a mock web
environment. Embedded servers are not started when using this annotation. If a web
environment is not available on your classpath, this mode transparently falls back to
creating a regular non-web ApplicationContext. It can be used in conjunction with
@AutoConfigureMockMvc or @AutoConfigureWebTestClient for mock-based testing of your
web application.

RANDOM_PORT: Loads a WebServerApplicationContext and provides a real web
environment. Embedded servers are started and listen on a random port.

DEFINED_PORT: Loads a WebServerApplicationContext and provides a real web
environment. Embedded servers are started and listen on a defined port (from your
application.properties) or on the default port of 8080.

NONE: Loads an ApplicationContext by using SpringApplication but does not provide
any web environment (mock or otherwise).

Note

If your test is @Transactional, it rolls back the transaction at the end of each
test method by default. However, as using this arrangement with either RANDOM_PORT or
DEFINED_PORT implicitly provides a real servlet environment, the HTTP client and server
run in separate threads and, thus, in separate transactions. Any transaction initiated on
the server does not roll back in this case.

Note

@SpringBootTest with webEnvironment = WebEnvironment.RANDOM_PORT will also
start the management server on a separate random port if your application uses a different
port for the management server.

45.3.1 Detecting Web Application Type

If Spring MVC is available, a regular MVC-based application context is configured. If you
have only Spring WebFlux, we’ll detect that and configure a WebFlux-based application
context instead.

If both are present, Spring MVC takes precedence. If you want to test a reactive web
application in this scenario, you must set the spring.main.web-application-type
property:

45.3.2 Detecting Test Configuration

If you are familiar with the Spring Test Framework, you may be used to using
@ContextConfiguration(classes=…​) in order to specify which Spring @Configuration to
load. Alternatively, you might have often used nested @Configuration classes within
your test.

When testing Spring Boot applications, this is often not required. Spring Boot’s @*Test
annotations search for your primary configuration automatically whenever you do not
explicitly define one.

The search algorithm works up from the package that contains the test until it finds a
class annotated with @SpringBootApplication or @SpringBootConfiguration. As long as
you structured your code in a sensible way, your
main configuration is usually found.

The underlying component scan configuration of @SpringBootApplication defines exclude
filters that are used to make sure slicing works as expected. If you are using an explicit
@ComponentScan directive on your @SpringBootApplication-annotated class, be aware that
those filters will be disabled. If you are using slicing, you should define them again.

If you want to customize the primary configuration, you can use a nested
@TestConfiguration class. Unlike a nested @Configuration class, which would be used
instead of your application’s primary configuration, a nested @TestConfiguration class
is used in addition to your application’s primary configuration.

Note

Spring’s test framework caches application contexts between tests. Therefore, as
long as your tests share the same configuration (no matter how it is discovered), the
potentially time-consuming process of loading the context happens only once.

45.3.3 Excluding Test Configuration

If your application uses component scanning (for example, if you use
@SpringBootApplication or @ComponentScan), you may find top-level configuration
classes that you created only for specific tests accidentally get picked up everywhere.

As we have seen
earlier, @TestConfiguration can be used on an inner class of a test to customize the
primary configuration. When placed on a top-level class, @TestConfiguration indicates
that classes in src/test/java should not be picked up by scanning. You can then import
that class explicitly where it is required, as shown in the following example:

If you directly use @ComponentScan (that is, not through
@SpringBootApplication) you need to register the TypeExcludeFilter with it. See
the Javadoc for details.

45.3.4 Testing with a mock environment

By default, @SpringBootTest does not start the server. If you have web endpoints that
you want to test against this mock environment, you can additionally configure
MockMvc as shown in the
following example:

45.3.5 Testing with a running server

If you need to start a full running server, we recommend that you use random ports.
If you use @SpringBootTest(webEnvironment=WebEnvironment.RANDOM_PORT), an
available port is picked at random each time your test runs.

The @LocalServerPort annotation can be used to
inject the actual port used into your test.
For convenience, tests that need to make REST calls to the started server can
additionally @Autowire a
WebTestClient, which resolves
relative links to the running server and comes with a dedicated API for verifying
responses, as shown in the following example:

45.3.6 Using JMX

As the test context framework caches context, JMX is disabled by default to prevent
identical components to register on the same domain. If such test needs access to an
MBeanServer, consider marking it dirty as well:

45.3.7 Mocking and Spying Beans

When running tests, it is sometimes necessary to mock certain components within your
application context. For example, you may have a facade over some remote service that is
unavailable during development. Mocking can also be useful when you want to simulate
failures that might be hard to trigger in a real environment.

Spring Boot includes a @MockBean annotation that can be used to define a Mockito mock
for a bean inside your ApplicationContext. You can use the annotation to add new beans
or replace a single existing bean definition. The annotation can be used directly on test
classes, on fields within your test, or on @Configuration classes and fields. When used
on a field, the instance of the created mock is also injected. Mock beans are
automatically reset after each test method.

Note

If your test uses one of Spring Boot’s test annotations (such as @SpringBootTest), this
feature is automatically enabled. To use this feature with a different
arrangement, a listener must be explicitly added, as shown in the following example:

@TestExecutionListeners(MockitoTestExecutionListener.class)

The following example replaces an existing RemoteService bean with a mock
implementation:

Additionally, you can use @SpyBean to wrap any existing bean with a Mockito spy. See
the Javadoc for full details.

Note

While Spring’s test framework caches application contexts between tests and reuses
a context for tests sharing the same configuration, the use of @MockBean or @SpyBean
influences the cache key, which will most likely increase the number of contexts.

Tip

If you are using @SpyBean to spy on a bean with @Cacheable methods that refer
to parameters by name, your application must be compiled with -parameters. This
ensures that the parameter names are available to the caching infrastructure once the
bean has been spied upon.

45.3.8 Auto-configured Tests

Spring Boot’s auto-configuration system works well for applications but can sometimes be
a little too much for tests. It often helps to load only the parts of the configuration
that are required to test a “slice” of your application. For example, you might want to
test that Spring MVC controllers are mapping URLs correctly, and you do not want to
involve database calls in those tests, or you might want to test JPA entities, and you
are not interested in the web layer when those tests run.

The spring-boot-test-autoconfigure module includes a number of annotations that can be
used to automatically configure such “slices”. Each of them works in a similar way,
providing a @…​Test annotation that loads the ApplicationContext and one or
more @AutoConfigure…​ annotations that can be used to customize auto-configuration
settings.

Note

Each slice restricts component scan to appropriate components and loads a very
restricted set of auto-configuration classes. If you need to exclude one of them,
most @…​Test annotations provide an excludeAutoConfiguration attribute.
Alternatively, you can use @ImportAutoConfiguration#exclude.

Tip

It is also possible to use the @AutoConfigure…​ annotations with the standard
@SpringBootTest annotation. You can use this combination if you are not interested in
“slicing” your application but you want some of the auto-configured test beans.

45.3.9 Auto-configured JSON Tests

To test that object JSON serialization and deserialization is working as expected, you can
use the @JsonTest annotation. @JsonTest auto-configures the available supported JSON
mapper, which can be one of the following libraries:

Jackson ObjectMapper, any @JsonComponent beans and any Jackson Modules

If you need to configure elements of the auto-configuration, you can use the
@AutoConfigureJsonTesters annotation.

Spring Boot includes AssertJ-based helpers that work with the JSONAssert and JsonPath
libraries to check that JSON appears as expected. The JacksonTester, GsonTester,
JsonbTester, and BasicJsonTester classes can be used for Jackson, Gson, Jsonb, and
Strings respectively. Any helper fields on the test class can be @Autowired when using
@JsonTest. The following example shows a test class for Jackson:

JSON helper classes can also be used directly in standard unit tests. To do so,
call the initFields method of the helper in your @Before method if you do not use
@JsonTest.

45.3.10 Auto-configured Spring MVC Tests

To test whether Spring MVC controllers are working as expected, use the @WebMvcTest
annotation. @WebMvcTest auto-configures the Spring MVC infrastructure and limits
scanned beans to @Controller, @ControllerAdvice, @JsonComponent, Converter,
GenericConverter, Filter, WebMvcConfigurer, and HandlerMethodArgumentResolver.
Regular @Component beans are not scanned when using this annotation.

By default, Spring Boot puts WebDriver beans in a special “scope” to ensure
that the driver exits after each test and that a new instance is injected. If you do
not want this behavior, you can add @Scope("singleton") to your WebDriver@Bean
definition.

Warning

The webDriver scope created by Spring Boot will replace any user defined scope
of the same name. If you define your own webDriver scope you may find it stops working
when you use @WebMvcTest.

If you have Spring Security on the classpath, @WebMvcTest will also scan WebSecurityConfigurer
beans. Instead of disabling security completely for such tests, you can use Spring Security’s test support.
More details on how to use Spring Security’s MockMvc support can be found in
this Chapter 80, Testing With Spring Security how-to section.

45.3.11 Auto-configured Spring WebFlux Tests

To test that Spring WebFlux controllers are
working as expected, you can use the @WebFluxTest annotation. @WebFluxTest
auto-configures the Spring WebFlux infrastructure and limits scanned beans to
@Controller, @ControllerAdvice, @JsonComponent, Converter, GenericConverter, and
WebFluxConfigurer. Regular @Component beans are not scanned when the @WebFluxTest
annotation is used.

If you need to register extra components, such as Jackson Module, you can import
additional configuration classes using @Import on your test.

Often, @WebFluxTest is limited to a single controller and used in combination with the
@MockBean annotation to provide mock implementations for required collaborators.

@WebFluxTest also auto-configures
WebTestClient, which offers
a powerful way to quickly test WebFlux controllers without needing to start a full HTTP
server.

Tip

You can also auto-configure WebTestClient in a non-@WebFluxTest (such as
@SpringBootTest) by annotating it with @AutoConfigureWebTestClient. The following
example shows a class that uses both @WebFluxTest and a WebTestClient:

45.3.12 Auto-configured Data JPA Tests

You can use the @DataJpaTest annotation to test JPA applications. By default, it
configures an in-memory embedded database, scans for @Entity classes, and configures
Spring Data JPA repositories. Regular @Component beans are not loaded into the
ApplicationContext.

By default, data JPA tests are transactional and roll back at the end of each test. See
the relevant section
in the Spring Framework Reference Documentation for more details. If that is not what you
want, you can disable transaction management for a test or for the whole class as
follows:

Data JPA tests may also inject a
TestEntityManager
bean, which provides an alternative to the standard JPA EntityManager that is
specifically designed for tests. If you want to use TestEntityManager outside of
@DataJpaTest instances, you can also use the @AutoConfigureTestEntityManager
annotation. A JdbcTemplate is also available if you need that. The following example
shows the @DataJpaTest annotation in use:

In-memory embedded databases generally work well for tests, since they are fast and do
not require any installation. If, however, you prefer to run tests against a real
database you can use the @AutoConfigureTestDatabase annotation, as shown in the
following example:

45.3.13 Auto-configured JDBC Tests

@JdbcTest is similar to @DataJpaTest but is for tests that only require a
DataSource and do not use Spring Data JDBC. By default, it configures an in-memory
embedded database and a JdbcTemplate. Regular @Component beans are not loaded into
the ApplicationContext.

By default, JDBC tests are transactional and roll back at the end of each test. See the
relevant section in
the Spring Framework Reference Documentation for more details. If that is not what you
want, you can disable transaction management for a test or for the whole class, as
follows:

45.3.14 Auto-configured Data JDBC Tests

@DataJdbcTest is similar to @JdbcTest but is for tests that use Spring Data JDBC
repositories. By default, it configures an in-memory embedded database, a JdbcTemplate,
and Spring Data JDBC repositories. Regular @Component beans are not loaded into
the ApplicationContext.

By default, Data JDBC tests are transactional and roll back at the end of each test. See
the relevant section
in the Spring Framework Reference Documentation for more details. If that is not what you
want, you can disable transaction management for a test or for the whole test class as
shown
in the JDBC example.

45.3.15 Auto-configured jOOQ Tests

You can use @JooqTest in a similar fashion as @JdbcTest but for jOOQ-related tests.
As jOOQ relies heavily on a Java-based schema that corresponds with the database schema,
the existing DataSource is used. If you want to replace it with an in-memory database,
you can use @AutoConfigureTestDatabase to override those settings. (For more about using
jOOQ with Spring Boot, see "Section 30.6, “Using jOOQ”", earlier in this chapter.) Regular
@Component beans are not loaded into the ApplicationContext.

JOOQ tests are transactional and roll back at the end of each test by default. If that is
not what you want, you can disable transaction management for a test or for the whole
test class as
shown
in the JDBC example.

45.3.16 Auto-configured Data MongoDB Tests

You can use @DataMongoTest to test MongoDB applications. By default, it configures an
in-memory embedded MongoDB (if available), configures a MongoTemplate, scans for
@Document classes, and configures Spring Data MongoDB repositories. Regular
@Component beans are not loaded into the ApplicationContext. (For more about using
MongoDB with Spring Boot, see "Section 31.2, “MongoDB”", earlier in this chapter.)

Tip

A list of the auto-configuration settings that are enabled by @DataMongoTest can be
found in the appendix.

In-memory embedded MongoDB generally works well for tests, since it is fast and does not
require any developer installation. If, however, you prefer to run tests against a real
MongoDB server, you should exclude the embedded MongoDB auto-configuration, as shown in
the following example:

45.3.17 Auto-configured Data Neo4j Tests

You can use @DataNeo4jTest to test Neo4j applications. By default, it uses an in-memory
embedded Neo4j (if the embedded driver is available), scans for @NodeEntity classes, and
configures Spring Data Neo4j repositories. Regular @Component beans are not loaded into
the ApplicationContext. (For more about using Neo4J with Spring Boot, see
"Section 31.3, “Neo4j”", earlier in this chapter.)

Tip

A list of the auto-configuration settings that are enabled by @DataNeo4jTest can be
found in the appendix.

The following example shows a typical setup for using Neo4J tests in Spring Boot:

By default, Data Neo4j tests are transactional and roll back at the end of each test.
See the relevant
section in the Spring Framework Reference Documentation for more details. If that is not
what you want, you can disable transaction management for a test or for the whole class,
as follows:

45.3.18 Auto-configured Data Redis Tests

You can use @DataRedisTest to test Redis applications. By default, it scans for
@RedisHash classes and configures Spring Data Redis repositories. Regular @Component
beans are not loaded into the ApplicationContext. (For more about using Redis with
Spring Boot, see "Section 31.1, “Redis”", earlier in this chapter.)

Tip

A list of the auto-configuration settings that are enabled by @DataRedisTest can be
found in the appendix.

45.3.19 Auto-configured Data LDAP Tests

You can use @DataLdapTest to test LDAP applications. By default, it configures an
in-memory embedded LDAP (if available), configures an LdapTemplate, scans for @Entry
classes, and configures Spring Data LDAP repositories. Regular @Component beans are not
loaded into the ApplicationContext. (For more about using LDAP with
Spring Boot, see "Section 31.9, “LDAP”", earlier in this chapter.)

Tip

A list of the auto-configuration settings that are enabled by @DataLdapTest can be
found in the appendix.

In-memory embedded LDAP generally works well for tests, since it is fast and does not
require any developer installation. If, however, you prefer to run tests against a real
LDAP server, you should exclude the embedded LDAP auto-configuration, as shown in the
following example:

45.3.20 Auto-configured REST Clients

You can use the @RestClientTest annotation to test REST clients. By default, it
auto-configures Jackson, GSON, and Jsonb support, configures a RestTemplateBuilder, and
adds support for MockRestServiceServer. Regular @Component beans are not loaded into
the ApplicationContext.

Tip

A list of the auto-configuration settings that are enabled by @RestClientTest can
be found in the appendix.

The specific beans that you want to test should be specified by using the value or
components attribute of @RestClientTest, as shown in the following example:

45.3.21 Auto-configured Spring REST Docs Tests

You can use the @AutoConfigureRestDocs annotation to use Spring REST
Docs in your tests with Mock MVC or REST Assured. It removes the need for the JUnit rule
in Spring REST Docs.

@AutoConfigureRestDocs can be used to override the default output directory
(target/generated-snippets if you are using Maven or build/generated-snippets if you
are using Gradle). It can also be used to configure the host, scheme, and port that
appears in any documented URIs.

Auto-configured Spring REST Docs Tests with Mock MVC

@AutoConfigureRestDocs customizes the MockMvc bean to use Spring REST Docs. You can
inject it by using @Autowired and use it in your tests as you normally would when using
Mock MVC and Spring REST Docs, as shown in the following example:

If you require more control over Spring REST Docs configuration than offered by the
attributes of @AutoConfigureRestDocs, you can use a
RestDocsMockMvcConfigurationCustomizer bean, as shown in the following example:

If you want to make use of Spring REST Docs support for a parameterized output directory,
you can create a RestDocumentationResultHandler bean. The auto-configuration calls
alwaysDo with this result handler, thereby causing each MockMvc call to automatically
generate the default snippets. The following example shows a
RestDocumentationResultHandler being defined:

Auto-configured Spring REST Docs Tests with REST Assured

@AutoConfigureRestDocs makes a RequestSpecification bean, preconfigured to use Spring
REST Docs, available to your tests. You can inject it by using @Autowired and use it in
your tests as you normally would when using REST Assured and Spring REST Docs, as shown
in the following example:

If you require more control over Spring REST Docs configuration than offered by the
attributes of @AutoConfigureRestDocs, a RestDocsRestAssuredConfigurationCustomizer
bean can be used, as shown in the following example:

45.3.22 Additional Auto-configuration and Slicing

Each slice provides one or more @AutoConfigure…​ annotations that namely defines the
auto-configurations that should be included as part of a slice. Additional
auto-configurations can be added by creating a custom @AutoConfigure…​ annotation or
simply by adding @ImportAutoConfiguration to the test as shown in the following example:

Because this class is the source configuration for the test, any slice test actually
tries to start Spring Batch, which is definitely not what you want to do. A recommended
approach is to move that area-specific configuration to a separate @Configuration class
at the same level as your application, as shown in the following example:

Depending on the complexity of your application, you may either have a single
@Configuration class for your customizations or one class per domain area. The latter
approach lets you enable it in one of your tests, if necessary, with the @Import
annotation.

Another source of confusion is classpath scanning. Assume that, while you structured your
code in a sensible way, you need to scan an additional package. Your application may
resemble the following code:

Doing so effectively overrides the default component scan directive with the side effect
of scanning those two packages regardless of the slice that you chose. For instance, a
@DataJpaTest seems to suddenly scan components and user configurations of your
application. Again, moving the custom directive to a separate class is a good way to fix
this issue.

Tip

If this is not an option for you, you can create a @SpringBootConfiguration
somewhere in the hierarchy of your test so that it is used instead. Alternatively, you
can specify a source for your test, which disables the behavior of finding a default one.

45.3.24 Using Spock to Test Spring Boot Applications

If you wish to use Spock to test a Spring Boot application, you should add a dependency
on Spock’s spock-spring module to your application’s build. spock-spring integrates
Spring’s test framework into Spock. It is recommended that you use Spock 1.2 or later to
benefit from a number of improvements to Spock’s Spring Framework and Spring Boot
integration. See the
documentation for Spock’s Spring module for further details.

45.4 Test Utilities

A few test utility classes that are generally useful when testing your application are
packaged as part of spring-boot.

45.4.1 ConfigFileApplicationContextInitializer

ConfigFileApplicationContextInitializer is an ApplicationContextInitializer that you
can apply to your tests to load Spring Boot application.properties files. You can use
it when you do not need the full set of features provided by @SpringBootTest, as shown
in the following example:

Using ConfigFileApplicationContextInitializer alone does not provide support for
@Value("${…​}") injection. Its only job is to ensure that application.properties
files are loaded into Spring’s Environment. For @Value support, you need to either
additionally configure a PropertySourcesPlaceholderConfigurer or use @SpringBootTest,
which auto-configures one for you.

45.4.2 TestPropertyValues

TestPropertyValues lets you quickly add properties to a
ConfigurableEnvironment or ConfigurableApplicationContext. You can call it with
key=value strings, as follows:

TestPropertyValues.of("org=Spring", "name=Boot").applyTo(env);

45.4.3 OutputCapture

OutputCapture is a JUnit Rule that you can use to capture System.out and
System.err output. You can declare the capture as a @Rule and then use toString()
for assertions, as follows:

TestRestTemplate is a convenience alternative to Spring’s RestTemplate that is useful
in integration tests. You can get a vanilla template or one that sends Basic HTTP
authentication (with a username and password). In either case, the template behaves in a
test-friendly way by not throwing exceptions on server-side errors. It is recommended,
but not mandatory, to use the Apache HTTP Client (version 4.3.2 or better). If you have
that on your classpath, the TestRestTemplate responds by configuring the client
appropriately. If you do use Apache’s HTTP client, some additional test-friendly features
are enabled:

Redirects are not followed (so you can assert the response location).

Cookies are ignored (so the template is stateless).

TestRestTemplate can be instantiated directly in your integration tests, as shown in
the following example:

Alternatively, if you use the @SpringBootTest annotation with
WebEnvironment.RANDOM_PORT or WebEnvironment.DEFINED_PORT, you can inject a
fully configured TestRestTemplate and start using it. If necessary, additional
customizations can be applied through the RestTemplateBuilder bean. Any URLs that do
not specify a host and port automatically connect to the embedded server, as shown in the
following example:

46. WebSockets

Spring Boot provides WebSockets auto-configuration for embedded Tomcat, Jetty, and
Undertow. If you deploy a war file to a standalone container, Spring Boot assumes that the
container is responsible for the configuration of its WebSocket support.

Spring Framework provides rich WebSocket support
for MVC web applications that can be easily accessed through the
spring-boot-starter-websocket module.

WebSocket support is also available for
reactive web applications and
requires to include the WebSocket API alongside spring-boot-starter-webflux:

SimpleWsdl11Definition and SimpleXsdSchema beans can be automatically created for
your WSDLs and XSDs respectively. To do so, configure their location, as shown in the
following example:

spring.webservices.wsdl-locations=classpath:/wsdl

48. Calling Web Services with WebServiceTemplate

If you need to call remote Web services from your application, you can use the
WebServiceTemplate class.
Since WebServiceTemplate instances often need to be customized before being used, Spring
Boot does not provide any single auto-configured WebServiceTemplate bean. It does,
however, auto-configure a WebServiceTemplateBuilder, which can be used to create
WebServiceTemplate instances when needed.

By default, WebServiceTemplateBuilder detects a suitable HTTP-based
WebServiceMessageSender using the available HTTP client libraries on the classpath. You
can also customize read and connection timeouts as follows:

49. Creating Your Own Auto-configuration

If you work in a company that develops shared libraries, or if you work on an open-source
or commercial library, you might want to develop your own auto-configuration.
Auto-configuration classes can be bundled in external jars and still be picked-up by
Spring Boot.

Auto-configuration can be associated to a “starter” that provides the auto-configuration
code as well as the typical libraries that you would use with it. We first cover what
you need to know to build your own auto-configuration and then we move on to the
typical steps required to create a custom starter.

Tip

A demo
project is available to showcase how you can create a starter step-by-step.

49.1 Understanding Auto-configured Beans

Under the hood, auto-configuration is implemented with standard @Configuration classes.
Additional @Conditional annotations are used to constrain when the auto-configuration
should apply. Usually, auto-configuration classes use @ConditionalOnClass and
@ConditionalOnMissingBean annotations. This ensures that auto-configuration applies
only when relevant classes are found and when you have not declared your own
@Configuration.

49.2 Locating Auto-configuration Candidates

Spring Boot checks for the presence of a META-INF/spring.factories file within your
published jar. The file should list your configuration classes under the
EnableAutoConfiguration key, as shown in the following example:

You can use the
@AutoConfigureAfter or
@AutoConfigureBefore
annotations if your configuration needs to be applied in a specific order. For example,
if you provide web-specific configuration, your class may need to be applied after
WebMvcAutoConfiguration.

If you want to order certain auto-configurations that should not have any direct
knowledge of each other, you can also use @AutoConfigureOrder. That annotation has the
same semantic as the regular @Order annotation but provides a dedicated order for
auto-configuration classes.

Note

Auto-configurations must be loaded that way only. Make sure that they are defined in
a specific package space and that, in particular, they are never the target of component
scanning.

49.3 Condition Annotations

You almost always want to include one or more @Conditional annotations on your
auto-configuration class. The @ConditionalOnMissingBean annotation is one common
example that is used to allow developers to override auto-configuration if they are
not happy with your defaults.

Spring Boot includes a number of @Conditional annotations that you can reuse in your
own code by annotating @Configuration classes or individual @Bean methods. These
annotations include:

49.3.1 Class Conditions

The @ConditionalOnClass and @ConditionalOnMissingClass annotations let configuration
be included based on the presence or absence of specific classes. Due to the fact that
annotation metadata is parsed by using ASM, you can use the value
attribute to refer to the real class, even though that class might not actually appear on
the running application classpath. You can also use the name attribute if you prefer to
specify the class name by using a String value.

Tip

If you use @ConditionalOnClass or @ConditionalOnMissingClass as a part of a
meta-annotation to compose your own composed annotations, you must use name as referring
to the class in such a case is not handled.

49.3.2 Bean Conditions

The @ConditionalOnBean and @ConditionalOnMissingBean annotations let a bean be
included based on the presence or absence of specific beans. You can use the value
attribute to specify beans by type or name to specify beans by name. The search
attribute lets you limit the ApplicationContext hierarchy that should be considered
when searching for beans.

When placed on a @Bean method, the target type defaults to the return type of the
method, as shown in the following example:

In the preceding example, the myService bean is going to be created if no bean of type
MyService is already contained in the ApplicationContext.

Tip

You need to be very careful about the order in which bean definitions are added, as
these conditions are evaluated based on what has been processed so far. For this reason,
we recommend using only @ConditionalOnBean and @ConditionalOnMissingBean annotations
on auto-configuration classes (since these are guaranteed to load after any user-defined
bean definitions have been added).

Note

@ConditionalOnBean and @ConditionalOnMissingBean do not prevent @Configuration
classes from being created. The only difference between using these conditions at the class level
and marking each contained @Bean method with the annotation is that the former prevents
registration of the @Configuration class as a bean if the condition does not match.

49.3.3 Property Conditions

The @ConditionalOnProperty annotation lets configuration be included based on a Spring
Environment property. Use the prefix and name attributes to specify the property that
should be checked. By default, any property that exists and is not equal to false is
matched. You can also create more advanced checks by using the havingValue and
matchIfMissing attributes.

49.3.4 Resource Conditions

The @ConditionalOnResource annotation lets configuration be included only when a
specific resource is present. Resources can be specified by using the usual Spring
conventions, as shown in the following example: file:/home/user/test.dat.

49.3.5 Web Application Conditions

The @ConditionalOnWebApplication and @ConditionalOnNotWebApplication annotations let
configuration be included depending on whether the application is a “web application”.
A web application is any application that uses a Spring WebApplicationContext,
defines a session scope, or has a StandardServletEnvironment.

49.3.6 SpEL Expression Conditions

The @ConditionalOnExpression annotation lets configuration be included based on the
result of a SpEL expression.

49.4 Testing your Auto-configuration

An auto-configuration can be affected by many factors: user configuration (@Bean
definition and Environment customization), condition evaluation (presence of a
particular library), and others. Concretely, each test should create a well defined
ApplicationContext that represents a combination of those customizations.
ApplicationContextRunner provides a great way to achieve that.

ApplicationContextRunner is usually defined as a field of the test class to gather the
base, common configuration. The following example makes sure that
UserServiceAutoConfiguration is always invoked:

If multiple auto-configurations have to be defined, there is no need to order their
declarations as they are invoked in the exact same order as when running the
application.

Each test can use the runner to represent a particular use case. For instance, the sample
below invokes a user configuration (UserConfiguration) and checks that the
auto-configuration backs off properly. Invoking run provides a callback context that can
be used with Assert4J.

The runner can also be used to display the ConditionEvaluationReport. The report can be printed
at INFO or DEBUG level. The following example shows how to use the ConditionEvaluationReportLoggingListener
to print the report in auto-configuration tests.

49.4.1 Simulating a Web Context

If you need to test an auto-configuration that only operates in a Servlet or Reactive web
application context, use the WebApplicationContextRunner or
ReactiveWebApplicationContextRunner respectively.

49.4.2 Overriding the Classpath

It is also possible to test what happens when a particular class and/or package is not
present at runtime. Spring Boot ships with a FilteredClassLoader that can easily be used
by the runner. In the following example, we assert that if UserService is not present, the
auto-configuration is properly disabled:

49.5 Creating Your Own Starter

A full Spring Boot starter for a library may contain the following components:

The autoconfigure module that contains the auto-configuration code.

The starter module that provides a dependency to the autoconfigure module as well
as the library and any additional dependencies that are typically useful. In a nutshell,
adding the starter should provide everything needed to start using that library.

Tip

You may combine the auto-configuration code and the dependency management in a
single module if you do not need to separate those two concerns.

49.5.1 Naming

You should make sure to provide a proper namespace for your starter. Do not start your
module names with spring-boot, even if you use a different Maven groupId. We may
offer official support for the thing you auto-configure in the future.

As a rule of thumb, you should name a combined module after the starter. For example,
assume that you are creating a starter for "acme" and that you name the auto-configure
module acme-spring-boot-autoconfigure and the starter acme-spring-boot-starter. If
you only have one module that combines the two, name it acme-spring-boot-starter.

Also, if your starter provides configuration keys, use a unique namespace for them. In
particular, do not include your keys in the namespaces that Spring Boot uses (such as
server, management, spring, and so on). If you use the same namespace, we may modify
these namespaces in the future in ways that break your modules.

Make sure to
trigger
meta-data generation so that IDE assistance is available for your keys as well. You may
want to review the generated meta-data (META-INF/spring-configuration-metadata.json) to
make sure your keys are properly documented.

49.5.2 autoconfigure Module

The autoconfigure module contains everything that is necessary to get started with the
library. It may also contain configuration key definitions (such as
@ConfigurationProperties) and any callback interface that can be used to further
customize how the components are initialized.

Tip

You should mark the dependencies to the library as optional so that you can include
the autoconfigure module in your projects more easily. If you do it that way, the
library is not provided and, by default, Spring Boot backs off.

Spring Boot uses an annotation processor to collect the conditions on auto-configurations
in a metadata file (META-INF/spring-autoconfigure-metadata.properties). If that file is
present, it is used to eagerly filter auto-configurations that do not match, which will
improve startup time. It is recommended to add the following dependency in a module that
contains auto-configurations:

49.5.3 Starter Module

The starter is really an empty jar. Its only purpose is to provide the necessary
dependencies to work with the library. You can think of it as an opinionated view of what
is required to get started.

Do not make assumptions about the project in which your starter is added. If the library
you are auto-configuring typically requires other starters, mention them as well.
Providing a proper set of default dependencies may be hard if the number of optional
dependencies is high, as you should avoid including dependencies that are unnecessary for
a typical usage of the library. In other words, you should not include optional
dependencies.

Note

Either way, your starter must reference the core Spring Boot starter
(spring-boot-starter) directly or indirectly (i.e. no need to add it if your starter
relies on another starter). If a project is created with only your custom starter, Spring
Boot’s core features will be honoured by the presence of the core starter.

50. Kotlin support

Kotlin is a statically-typed language targeting the JVM (and other
platforms) which allows writing concise and elegant code while providing
interoperability with existing libraries written
in Java.

50.1 Requirements

Spring Boot supports Kotlin 1.2.x. To use Kotlin, org.jetbrains.kotlin:kotlin-stdlib and
org.jetbrains.kotlin:kotlin-reflect must be present on the classpath. The
kotlin-stdlib variants kotlin-stdlib-jdk7 and kotlin-stdlib-jdk8 can also be used.

Jackson’s Kotlin module is required
for serializing / deserializing JSON data in Kotlin. It is automatically registered when
found on the classpath. A warning message is logged if Jackson and Kotlin are present but
the Jackson Kotlin module is not.

Tip

These dependencies and plugins are provided by default if one bootstraps a Kotlin
project on start.spring.io.

50.2 Null-safety

One of Kotlin’s key features is null-safety. It
deals with null values at compile time rather than deferring the problem to runtime and
encountering a NullPointerException. This helps to eliminate a common source of bugs
without paying the cost of wrappers like Optional. Kotlin also allows using functional
constructs with nullable values as described in this
comprehensive guide to null-safety in Kotlin.

Although Java does not allow one to express null-safety in its type system, Spring
Framework, Spring Data, and Reactor now provide null-safety of their API via
tooling-friendly annotations. By default, types from Java APIs used in Kotlin are
recognized as
platform types
for which null-checks are relaxed.
Kotlin’s support for JSR 305
annotations combined with nullability annotations provide null-safety for the related
Spring API in Kotlin.

The JSR 305 checks can be configured by adding the -Xjsr305 compiler flag with the
following options: -Xjsr305={strict|warn|ignore}. The default behavior is the same as
-Xjsr305=warn. The strict value is required to have null-safety taken in account in
Kotlin types inferred from Spring API but should be used with the knowledge that Spring
API nullability declaration could evolve even between minor releases and more checks may
be added in the future).

Warning

Generic type arguments, varargs and array elements nullability are not yet
supported. See SPR-15942 for up-to-date
information. Also be aware that Spring Boot’s own API is not yet
annotated.

50.3 Kotlin API

50.3.1 runApplication

Spring Boot provides an idiomatic way to run an application with
runApplication<MyApplication>(*args) as shown in the following example:

This is a drop-in replacement for
SpringApplication.run(MyApplication::class.java, *args). It also allows customization
of the application as shown in the following example:

runApplication<MyApplication>(*args) {
setBannerMode(OFF)
}

50.3.2 Extensions

Kotlin extensions provide the ability
to extend existing classes with additional functionality. The Spring Boot Kotlin API makes
use of these extensions to add new Kotlin specific conveniences to existing APIs.

TestRestTemplate extensions, similar to those provided by Spring Framework for
RestOperations in Spring Framework, are provided. Among other things, the extensions
make it possible to take advantage of Kotlin reified type parameters.

50.4 Dependency management

In order to avoid mixing different version of Kotlin dependencies on the classpath,
dependency management of the following Kotlin dependencies is provided:

kotlin-reflect

kotlin-runtime

kotlin-stdlib

kotlin-stdlib-jdk7

kotlin-stdlib-jdk8

kotlin-stdlib-jre7

kotlin-stdlib-jre8

With Maven, the Kotlin version can be customized via the kotlin.version property and
plugin management is provided for kotlin-maven-plugin. With Gradle, the Spring Boot
plugin automatically aligns the kotlin.version with the version of the Kotlin plugin.

50.5 @ConfigurationProperties

@ConfigurationProperties currently only works with lateinit or nullable var
properties (the former is recommended), since immutable classes initialized by
constructors are not yet supported.

50.6 Testing

While it is possible to use JUnit 4 (the default provided by spring-boot-starter-test)
to test Kotlin code, JUnit 5 is recommended. JUnit 5 enables a test class to be
instantiated once and reused for all of the class’s tests. This makes it possible to use
@BeforeAll and @AfterAll annotations on non-static methods, which is a good fit for
Kotlin.

Part V. Spring Boot Actuator: Production-ready features

Spring Boot includes a number of additional features to help you monitor and manage your
application when you push it to production. You can choose to manage and monitor your
application by using HTTP endpoints or with JMX. Auditing, health, and metrics gathering
can also be automatically applied to your application.

52. Enabling Production-ready Features

The spring-boot-actuator module
provides all of Spring Boot’s production-ready features. The simplest way to enable the
features is to add a dependency to the spring-boot-starter-actuator ‘Starter’.

Definition of Actuator

An actuator is a manufacturing term that refers to a mechanical device for moving or
controlling something. Actuators can generate a large amount of motion from a small
change.

To add the actuator to a Maven based project, add the following ‘Starter’ dependency:

53. Endpoints

Actuator endpoints let you monitor and interact with your application. Spring Boot
includes a number of built-in endpoints and lets you add your own. For example, the
health endpoint provides basic application health information.

Each individual endpoint can be enabled
or disabled. This controls whether or not the endpoint is created and its bean exists in
the application context. To be remotely accessible an endpoint also has to be
exposed via JMX or HTTP. Most
applications choose HTTP, where the ID of the endpoint along with a prefix of /actuator
is mapped to a URL. For example, by default, the health endpoint is mapped to
/actuator/health.

The following technology-agnostic endpoints are available:

ID

Description

Enabled by default

auditevents

Exposes audit events information for the current application.

Yes

beans

Displays a complete list of all the Spring beans in your application.

Yes

caches

Exposes available caches.

Yes

conditions

Shows the conditions that were evaluated on configuration and auto-configuration
classes and the reasons why they did or did not match.

Allows retrieval and deletion of user sessions from a Spring Session-backed session
store. Not available when using Spring Session’s support for reactive web applications.

Yes

shutdown

Lets the application be gracefully shutdown.

No

threaddump

Performs a thread dump.

Yes

If your application is a web application (Spring MVC, Spring WebFlux, or Jersey), you can
use the following additional endpoints:

ID

Description

Enabled by default

heapdump

Returns a GZip compressed hprof heap dump file.

Yes

jolokia

Exposes JMX beans over HTTP (when Jolokia is on the classpath, not available for WebFlux).

Yes

logfile

Returns the contents of the logfile (if logging.file or logging.path properties have
been set). Supports the use of the HTTP Range header to retrieve part of the log file’s
content.

Yes

prometheus

Exposes metrics in a format that can be scraped by a Prometheus server.

Yes

To learn more about the Actuator’s endpoints and their request and response formats,
please refer to the separate API documentation (HTML or
PDF).

53.1 Enabling Endpoints

By default, all endpoints except for shutdown are enabled. To configure the enablement
of an endpoint, use its management.endpoint.<id>.enabled property. The following
example enables the shutdown endpoint:

management.endpoint.shutdown.enabled=true

If you prefer endpoint enablement to be opt-in rather than opt-out, set the
management.endpoints.enabled-by-default property to false and use individual endpoint
enabled properties to opt back in. The following example enables the info endpoint and
disables all other endpoints:

Disabled endpoints are removed entirely from the application context. If you want
to change only the technologies over which an endpoint is exposed, use the
include and exclude properties
instead.

53.2 Exposing Endpoints

Since Endpoints may contain sensitive information, careful consideration should be given
about when to expose them. The following table shows the default exposure for the built-in
endpoints:

ID

JMX

Web

auditevents

Yes

No

beans

Yes

No

caches

Yes

No

conditions

Yes

No

configprops

Yes

No

env

Yes

No

flyway

Yes

No

health

Yes

Yes

heapdump

N/A

No

httptrace

Yes

No

info

Yes

Yes

integrationgraph

Yes

No

jolokia

N/A

No

logfile

N/A

No

loggers

Yes

No

liquibase

Yes

No

metrics

Yes

No

mappings

Yes

No

prometheus

N/A

No

scheduledtasks

Yes

No

sessions

Yes

No

shutdown

Yes

No

threaddump

Yes

No

To change which endpoints are exposed, use the following technology-specific include and
exclude properties:

Property

Default

management.endpoints.jmx.exposure.exclude

management.endpoints.jmx.exposure.include

*

management.endpoints.web.exposure.exclude

management.endpoints.web.exposure.include

info, health

The include property lists the IDs of the endpoints that are exposed. The exclude
property lists the IDs of the endpoints that should not be exposed. The exclude
property takes precedence over the include property. Both include and exclude
properties can be configured with a list of endpoint IDs.

For example, to stop exposing all endpoints over JMX and only expose the health and
info endpoints, use the following property:

management.endpoints.jmx.exposure.include=health,info

* can be used to select all endpoints. For example, to expose everything over HTTP
except the env and beans endpoints, use the following properties:

If you want to implement your own strategy for when endpoints are exposed, you can
register an EndpointFilter bean.

53.3 Securing HTTP Endpoints

You should take care to secure HTTP endpoints in the same way that you would any other
sensitive URL. If Spring Security is present, endpoints are secured by default using
Spring Security’s content-negotiation strategy. If you wish to configure custom security
for HTTP endpoints, for example, only allow users with a certain role to access them,
Spring Boot provides some convenient RequestMatcher objects that can be used in
combination with Spring Security.

A typical Spring Security configuration might look something like the following example:

The preceding example uses EndpointRequest.toAnyEndpoint() to match a request to any
endpoint and then ensures that all have the ENDPOINT_ADMIN role. Several other matcher
methods are also available on EndpointRequest. See the API documentation
(HTML or
PDF) for details.

If you deploy applications behind a firewall, you may prefer that all your actuator
endpoints can be accessed without requiring authentication. You can do so by changing the
management.endpoints.web.exposure.include property, as follows:

application.properties.

management.endpoints.web.exposure.include=*

Additionally, if Spring Security is present, you would need to add custom security
configuration that allows unauthenticated access to the endpoints as shown in the
following example:

53.4 Configuring Endpoints

Endpoints automatically cache responses to read operations that do not take any
parameters. To configure the amount of time for which an endpoint will cache a response,
use its cache.time-to-live property. The following example sets the time-to-live of
the beans endpoint’s cache to 10 seconds:

application.properties.

management.endpoint.beans.cache.time-to-live=10s

Note

The prefix management.endpoint.<name> is used to uniquely identify the
endpoint that is being configured.

Note

When making an authenticated HTTP request, the Principal is considered as input to
the endpoint and, therefore, the response will not be cached.

53.5 Hypermedia for Actuator Web Endpoints

A “discovery page” is added with links to all the endpoints. The “discovery page” is
available on /actuator by default.

When a custom management context path is configured, the “discovery page” automatically
moves from /actuator to the root of the management context. For example, if the
management context path is /management, then the discovery page is available from
/management. When the management context path is set to /, the discovery page is
disabled to prevent the possibility of a clash with other mappings.

53.6 CORS Support

Cross-origin resource sharing
(CORS) is a W3C specification that lets you specify in a
flexible way what kind of cross-domain requests are authorized. If you use Spring MVC or
Spring WebFlux, Actuator’s web endpoints can be configured to support such scenarios.

CORS support is disabled by default and is only enabled once the
management.endpoints.web.cors.allowed-origins property has been set. The following
configuration permits GET and POST calls from the example.com domain:

53.7 Implementing Custom Endpoints

If you add a @Bean annotated with @Endpoint, any methods annotated with
@ReadOperation, @WriteOperation, or @DeleteOperation are automatically exposed over
JMX and, in a web application, over HTTP as well. Endpoints can be exposed over HTTP using
Jersey, Spring MVC, or Spring WebFlux.

You can also write technology-specific endpoints by using @JmxEndpoint or
@WebEndpoint. These endpoints are restricted to their respective technologies. For
example, @WebEndpoint is exposed only over HTTP and not over JMX.

You can write technology-specific extensions by using @EndpointWebExtension and
@EndpointJmxExtension. These annotations let you provide technology-specific operations
to augment an existing endpoint.

Finally, if you need access to web-framework-specific functionality, you can implement
Servlet or Spring @Controller and @RestController endpoints at the cost of them not
being available over JMX or when using a different web framework.

53.7.1 Receiving Input

Operations on an endpoint receive input via their parameters. When exposed via the web,
the values for these parameters are taken from the URL’s query parameters and from the
JSON request body. When exposed via JMX, the parameters are mapped to the parameters of
the MBean’s operations. Parameters are required by default. They can be made optional
by annotating them with @org.springframework.lang.Nullable.

Each root property in the JSON request body can be mapped to a parameter of the endpoint.
Consider the following JSON request body:

{"name": "test","counter": 42}

This can be used to invoke a write operation that takes String name and int counter
parameters.

Tip

Because endpoints are technology agnostic, only simple types can be specified in the
method signature. In particular declaring a single parameter with a custom type defining a
name and counter properties is not supported.

Note

To allow the input to be mapped to the operation method’s parameters, Java code
implementing an endpoint should be compiled with -parameters, and Kotlin code
implementing an endpoint should be compiled with -java-parameters. This will happen
automatically if you are using Spring Boot’s Gradle plugin or if you are using Maven and
spring-boot-starter-parent.

Input type conversion

The parameters passed to endpoint operation methods are, if necessary, automatically
converted to the required type. Before calling an operation method, the input received via
JMX or an HTTP request is converted to the required types using an instance of
ApplicationConversionService.

53.7.2 Custom Web Endpoints

Operations on an @Endpoint, @WebEndpoint, or @EndpointWebExtension are automatically
exposed over HTTP using Jersey, Spring MVC, or Spring WebFlux.

Web Endpoint Request Predicates

A request predicate is automatically generated for each operation on a web-exposed
endpoint.

Path

The path of the predicate is determined by the ID of the endpoint and the base path of
web-exposed endpoints. The default base path is /actuator. For example, an endpoint with
the ID sessions will use /actuator/sessions as its path in the predicate.

The path can be further customized by annotating one or more parameters of the operation
method with @Selector. Such a parameter is added to the path predicate as a path
variable. The variable’s value is passed into the operation method when the endpoint
operation is invoked.

HTTP method

The HTTP method of the predicate is determined by the operation type, as shown in
the following table:

Operation

HTTP method

@ReadOperation

GET

@WriteOperation

POST

@DeleteOperation

DELETE

Consumes

For a @WriteOperation (HTTP POST) that uses the request body, the consumes clause of
the predicate is application/vnd.spring-boot.actuator.v2+json, application/json. For
all other operations the consumes clause is empty.

Produces

The produces clause of the predicate can be determined by the produces attribute of the
@DeleteOperation, @ReadOperation, and @WriteOperation annotations. The attribute is
optional. If it is not used, the produces clause is determined automatically.

If the operation method returns void or Void the produces clause is empty. If the
operation method returns a org.springframework.core.io.Resource, the produces clause is
application/octet-stream. For all other operations the produces clause is
application/vnd.spring-boot.actuator.v2+json, application/json.

Web Endpoint Response Status

The default response status for an endpoint operation depends on the operation type (read,
write, or delete) and what, if anything, the operation returns.

A @ReadOperation returns a value, the response status will be 200 (OK). If it does not
return a value, the response status will be 404 (Not Found).

If a @WriteOperation or @DeleteOperation returns a value, the response status will be
200 (OK). If it does not return a value the response status will be 204 (No Content).

If an operation is invoked without a required parameter, or with a parameter that cannot
be converted to the required type, the operation method will not be called and the
response status will be 400 (Bad Request).

Web Endpoint Range Requests

An HTTP range request can be used to request part of an HTTP resource. When using Spring
MVC or Spring Web Flux, operations that return a org.springframework.core.io.Resource
automatically support range requests.

Note

Range requests are not supported when using Jersey.

Web Endpoint Security

An operation on a web endpoint or a web-specific endpoint extension can receive the
current java.security.Principal or
org.springframework.boot.actuate.endpoint.SecurityContext as a method parameter. The
former is typically used in conjunction with @Nullable to provide different behaviour
for authenticated and unauthenticated users. The latter is typically used to perform
authorization checks using its isUserInRole(String) method.

53.7.3 Servlet endpoints

A Servlet can be exposed as an endpoint by implementing a class annotated with
@ServletEndpoint that also implements Supplier<EndpointServlet>. Servlet endpoints
provide deeper integration with the Servlet container but at the expense of portability.
They are intended to be used to expose an existing Servlet as an endpoint. For new
endpoints, the @Endpoint and @WebEndpoint annotations should be preferred whenever
possible.

53.7.4 Controller endpoints

@ControllerEndpoint and @RestControllerEndpoint can be used to implement an endpoint
that is only exposed by Spring MVC or Spring WebFlux. Methods are mapped using the
standard annotations for Spring MVC and Spring WebFlux such as @RequestMapping
and @GetMapping, with the endpoint’s ID being used as a prefix for the path. Controller
endpoints provide deeper integration with Spring’s web frameworks but at the expense of
portability. The @Endpoint and @WebEndpoint annotations should be preferred whenever
possible.

53.8 Health Information

You can use health information to check the status of your running application. It is
often used by monitoring software to alert someone when a production system goes down.
The information exposed by the health endpoint depends on the
management.endpoint.health.show-details property which can be configured with one of the
following values:

Name

Description

never

Details are never shown.

when-authorized

Details are only shown to authorized users. Authorized roles can be configured using
management.endpoint.health.roles.

always

Details are shown to all users.

The default value is never. A user is considered to be authorized when they
are in one or more of the endpoint’s roles. If the endpoint has no configured roles
(the default) all authenticated users are considered to be authorized. The roles can
be configured using the management.endpoint.health.roles property.

Note

If you have secured your application and wish to use always, your security
configuration must permit access to the health endpoint for both authenticated and
unauthenticated users.

Health information is collected from the content of a
HealthIndicatorRegistry (by default all
HealthIndicator instances
defined in your ApplicationContext. Spring Boot includes a number of auto-configured
HealthIndicators and you can also write your own. By default, the final system state is
derived by the HealthAggregator which sorts the statuses from each HealthIndicator
based on an ordered list of statuses. The first status in the sorted list is used as the
overall health status. If no HealthIndicator returns a status that is known to the
HealthAggregator, an UNKNOWN status is used.

Tip

The HealthIndicatorRegistry can be used to register and unregister health
indicators at runtime.

53.8.1 Auto-configured HealthIndicators

The following HealthIndicators are auto-configured by Spring Boot when appropriate:

You can disable them all by setting the management.health.defaults.enabled
property.

53.8.2 Writing Custom HealthIndicators

To provide custom health information, you can register Spring beans that implement the
HealthIndicator interface.
You need to provide an implementation of the health() method and return a Health
response. The Health response should include a status and can optionally include
additional details to be displayed. The following code shows a sample HealthIndicator
implementation:

The identifier for a given HealthIndicator is the name of the bean without the
HealthIndicator suffix, if it exists. In the preceding example, the health information
is available in an entry named my.

In addition to Spring Boot’s predefined
Status types, it is also possible for
Health to return a custom Status that represents a new system state. In such cases, a
custom implementation of the
HealthAggregator interface
also needs to be provided, or the default implementation has to be configured by using
the management.health.status.order configuration property.

For example, assume a new Status with code FATAL is being used in one of your
HealthIndicator implementations. To configure the severity order, add the following
property to your application properties:

The HTTP status code in the response reflects the overall health status (for example,
UP maps to 200, while OUT_OF_SERVICE and DOWN map to 503). You might also want to
register custom status mappings if you access the health endpoint over HTTP. For example,
the following property maps FATAL to 503 (service unavailable):

management.health.status.http-mapping.FATAL=503

Tip

If you need more control, you can define your own HealthStatusHttpMapper bean.